CVE-2012-2736

CWE-306 — Missing Authentication9 documents8 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 76.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Network-manager Network-manager Canonical Ubuntu Linux Debian Debian Linux +2 more

Timeline

PublishedDec 26

Latest updateApr 23

Description

In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages4 packages

▶NVDgnome/networkmanager0.9.2.0

▶Debiannetwork-manager< 0.9.4.0-1+3

▶CVEListV5network-manager/network-manager0.9.2.0

▶NVDopensuse/opensuse12.1

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 10.04, 11.04, 11.10

Patches

Patch: lists.opensuse.org ↗Patch: www.openwall.com ↗Patch: lists.opensuse.org ↗

🔴Vulnerability Details

GHSA

GHSA-j857-gcqp-8fmp: In NetworkManager 0↗2022-04-23

▶

CVEList

CVE-2012-2736: In NetworkManager 0↗2019-12-26

▶

OSV

CVE-2012-2736: In NetworkManager 0↗2019-12-26

▶

📋Vendor Advisories

Ubuntu

network-manager-applet vulnerability↗2012-06-27

▶

Ubuntu

NetworkManager vulnerability↗2012-06-27

▶

Red Hat

NetworkManager: creating new WPA-secured wireless network results in insecure network being created instead↗2012-01-15

▶

Debian

CVE-2012-2736: network-manager - In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2...↗2012

▶

💬Community

Bugzilla

CVE-2012-2736 NetworkManager: creating new WPA-secured wireless network results in insecure network being created instead↗2012-01-18

▶