Описание
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:google:nest_mini_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nest_mini:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:haxx:libcurl:-:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00083
Низкий
5.9 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-295
Связанные уязвимости
CVSS3: 5.9
github
больше 1 года назад
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through.
EPSS
Процентиль: 24%
0.00083
Низкий
5.9 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-295