CVE-2012-2736
Published: 2019-12-26
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
Priority: P4, 16, medium; 4.4 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.43% (34.3th percentile)
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | network-manager | < network-manager 0.9.4.0-1 (bookworm) | network-manager 0.9.4.0-1 (bookworm) |
| gnome | networkmanager | — | — |
| network-manager | network-manager | — | — |
| network-manager_project | network-manager | >= 0 < 0.9.4.0-1 | 0.9.4.0-1 |
| network-manager_project | network-manager | >= 0 < 0.9.4.0-1 | 0.9.4.0-1 |
| network-manager_project | network-manager | >= 0 < 0.9.4.0-1 | 0.9.4.0-1 |
| network-manager_project | network-manager | >= 0 < 0.9.4.0-1 | 0.9.4.0-1 |
| opensuse | opensuse | — | — |
CVSS provenance
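| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 3.3 | LOW | AV:L/AC:M/Au:N/C:P/I:P/A:N |
| osv | — | 4.4 | MEDIUM | — |
| vendor_debian | — | 4.4 | LOW | — |
| vendor_redhat | — | 4.4 | MEDIUM | — |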
Ubuntu
network-manager-applet vulnerability
vendor_ubuntu·2012-06-27
CVE-2012-2736 network-manager-applet vulnerability
Title: network-manager-applet vulnerability
Summary: network-manager-applet could create insecure AdHoc wireless networks.
USN-1483-1 fixed a vulnerability in NetworkManager by disabling the
creation of WPA-secured AdHoc wireless connections. This update provides
the corresponding change for network-manager-applet.
Original advisory details:
It was discovered that certain wireless drivers incorrectly handled the
creation of WPA-secured AdHoc connections. This could result in AdHoc
wireless connections being created without any security at all. This update
removes WPA as a security choice for AdHoc connections in NetworkManager.
Instructions: After a standard system update you need to restart your session to make
all the necessary changes.
Ubuntu
NetworkManager vulnerability
vendor_ubuntu·2012-06-27
CVE-2012-2736 NetworkManager vulnerability
Title: NetworkManager vulnerability
Summary: NetworkManager could create insecure AdHoc wireless networks.
It was discovered that certain wireless drivers incorrectly handled the
creation of WPA-secured AdHoc connections. This could result in AdHoc
wireless connections being created without any security at all. This update
removes WPA as a security choice for AdHoc connections in NetworkManager.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
NetworkManager: creating new WPA-secured wireless network results in insecure network being created instead
vendor_redhat·2012-01-15·CVSS 4.4
CVE-2012-2736 [MEDIUM] NetworkManager: creating new WPA-secured wireless network results in insecure network being created instead
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: NetworkManager (Red Hat Enterprise Linux 5) - Will not fix
Package: NetworkManager (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2012-2736: network-manager - In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2...
vendor_debian·2012·CVSS 4.4
CVE-2012-2736 [MEDIUM] CVE-2012-2736: network-manager - In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2...
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
Scope: local
bookworm: resolved (fixed in 0.9.4.0-1)
bullseye: resolved (fixed in 0.9.4.0-1)
forky: resolved (fixed in 0.9.4.0-1)
sid: resolved (fixed in 0.9.4.0-1)
trixie: resolved (fixed in 0.9.4.0-1)
GHSA
GHSA-j857-gcqp-8fmp: In NetworkManager 0
ghsa_unreviewed·2022-04-23
CVE-2012-2736 [MEDIUM] CWE-306 GHSA-j857-gcqp-8fmp: In NetworkManager 0
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
OSV
CVE-2012-2736: In NetworkManager 0
osv·2019-12-26·CVSS 4.4
CVE-2012-2736 [MEDIUM] CVE-2012-2736: In NetworkManager 0
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-updates/2012-09/msg00049.html
http://www.openwall.com/lists/oss-security/2012/06/15/2
http://www.openwall.com/lists/oss-security/2012/06/15/4
http://www.ubuntu.com/usn/USN-1483-1
http://www.ubuntu.com/usn/USN-1483-2
https://access.redhat.com/security/cve/cve-2012-2736
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2736
https://security-tracker.debian.org/tracker/CVE-2012-2736