漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Lock WARP switch bypass by removing VPN profile on iOS mobile client
Vulnerability Description
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
Vulnerability Type
授权机制缺失
Vulnerability Title
Cloudflare WARP 安全漏洞
Vulnerability Description
Cloudflare WARP(Cloudflare Vpn)是美国Cloudflare公司的一个用于安全连接的客户端应用软件。 Cloudflare WARP存在安全漏洞,该漏洞源于尽管在零信任平台上启用了锁定WARP开关功能,但用户可以从iOS平台上的WARP移动客户端中删除VPN配置文件。这导致绕过零信任平台对已注册设备强制实施的策略和限制。
CVSS Information
N/A
Vulnerability Type
N/A