CVE-2020-10754
Advisory lineage Upstream: 0 Downstream: 5
Modified
Published: 08 Jun 2020, 17:16
Last modified:04 Aug 2024, 11:14
Vulnerability Summary
Overall Risk (default)
low
17/100 CVSS Score
4.3 MEDIUM
v3.1 (cve.org)
EPSS Score
0.25% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
08 Jun 2020, 17:16
Published
Vulnerability first disclosed
04 Aug 2024, 11:14
Last Modified
Vulnerability information updated
Description
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.
CVSS Metrics
- v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.25%• Percentile: 49%
Techniques & Countermeasures
- CWE-287•Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
- CWE-306•Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Affected Systems
- fedoraproject•fedora
31
- gnome•networkmanager
< 1.22.14 | ≥ 1.24.0, < 1.24.2
- [red hat]•networkmanager
1.24.2