CVE-2009-4144

CWE-3108 documents8 sources

Severity

6.8MEDIUM

EPSS

1.3%

top 20.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Networkmanager

Timeline

PublishedDec 23

Latest updateMay 2

Description

NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDgnome/networkmanager0.7.2

▶Debiannetwork-manager-applet< 0.7.2-2+3

🔴Vulnerability Details

GHSA

GHSA-6w2r-qm6g-q82p: NetworkManager (NM) 0↗2022-05-02

▶

CVEList

CVE-2009-4144: NetworkManager (NM) 0↗2009-12-23

▶

OSV

CVE-2009-4144: NetworkManager (NM) 0↗2009-12-23

▶

📋Vendor Advisories

Ubuntu

network-manager-applet vulnerabilities↗2010-01-13

▶

Red Hat

NetworkManager: WPA enterprise network not verified when certificate is removed↗2009-12-08

▶

Debian

CVE-2009-4144: network-manager - NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Auth...↗2009

▶

💬Community

Bugzilla

CVE-2009-4144 NetworkManager: WPA enterprise network not verified when certificate is removed↗2009-12-11

▶