CVE-2020-10754

CWE-287Improper AuthenticationCWE-306Missing AuthenticationCWE-4558 documents7 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 51.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Gnome Networkmanager[red Hat] NetworkmanagerFedoraproject Fedora
Timeline
PublishedJun 8
Latest updateMay 24

Description

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDgnome/networkmanager1.24.01.24.2+1
CVEListV5[red_hat]/networkmanager1.24.2
Debiannetwork-manager< 1.24.2-1+3

Also affects: Fedora 31

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-r5p6-9327-8hcq: It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x2022-05-24
CVEList
CVE-2020-10754: It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x2020-06-08
OSV
CVE-2020-10754: It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x2020-06-08

📋Vendor Advisories

2
Red Hat
NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults2020-05-29
Debian
CVE-2020-10754: network-manager - It was found that nmcli, a command line interface to NetworkManager did not hono...2020

💬Community

2
Bugzilla
CVE-2020-10754 NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults [fedora-all]2020-05-29
Bugzilla
CVE-2020-10754 NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults2020-05-28
CVE-2020-10754 (MEDIUM CVSS 4.3) | It was found that nmcli | cvebase.io