CVE-2020-10754

Published: Jun 8, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

Affected (3)

Products: Gnome: Networkmanager · Fedoraproject: Fedora

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gnome Networkmanager	Before 1.22.14
Gnome Networkmanager	From 1.24.0 to 1.24.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44FTVXWKDYIAMOOP2PZMUY3D2QNWAVBZ/

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44FTVXWKDYIAMOOP2PZMUY3D2QNWAVBZ/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.