Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1096

CWE-295Improper Certificate Validation9 documents7 sources
Severity
5.5MEDIUM
EPSS
0.4%
top 42.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Gnome NetworkmanagerDebian Debian Linux
Timeline
PublishedMar 10
Latest updateApr 23

Description

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5gnome/networkmanager0.9 and earlier

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-xpp6-cqwc-x7wh: NetworkManager 02022-04-23
CVEList
CVE-2012-1096: NetworkManager 02020-03-10
OSV
CVE-2012-1096: NetworkManager 02020-03-10

💥Exploits & PoCs

1
Exploit-DB
GNOME NetworkManager 0.x - Local Arbitrary File Access2012-02-29

📋Vendor Advisories

1
Red Hat
wpa_supplicant: Improper x509v3 certificate and key file paths sanitization2012-02-29

💬Community

2
Bugzilla
CVE-2012-1096 NetworkManager 0.9 arbitrary file access [fedora-all]2012-03-02
Bugzilla
CVE-2012-1096 NetworkManager, wpa_supplicant: Improper x509v3 certificate and key file paths sanitization2011-12-22