Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running.
History

Thu, 26 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cloudflare

Published: 2023-09-07T12:11:01.435Z

Updated: 2024-09-26T14:17:57.684Z

Reserved: 2023-07-18T08:43:28.555Z

Link: CVE-2023-3747

cve-icon Vulnrichment

Updated: 2024-08-02T07:01:57.546Z

cve-icon NVD

Status : Modified

Published: 2023-09-07T13:15:09.030

Modified: 2024-11-21T08:17:58.303

Link: CVE-2023-3747

cve-icon Redhat

No data.