cbcvebase.
CVE-2020-10754
published 2020-06-08

CVE-2020-10754: It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new…

PriorityP422medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.98%
57.9th percentile
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

Affected

8 ranges
VendorProductVersion rangeFixed in
debiannetwork-manager< network-manager 1.24.2-1 (bookworm)network-manager 1.24.2-1 (bookworm)
fedoraprojectfedora
gnomenetworkmanager< 1.22.141.22.14
gnomenetworkmanager>= 1.24.0 < 1.24.21.24.2
network-manager_projectnetwork-manager>= 0 < 1.24.2-11.24.2-1
network-manager_projectnetwork-manager>= 0 < 1.24.2-11.24.2-1
network-manager_projectnetwork-manager>= 0 < 1.24.2-11.24.2-1
network-manager_projectnetwork-manager>= 0 < 1.24.2-11.24.2-1

CVSS provenance

nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
osv4.3MEDIUM
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.