Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-10754

Опубликовано: 29 мая 2020
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

A flaw was found in nmcli, where the command-line interface to the NetworkManager did not accept the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and an insecure connection occurs.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5NetworkManagerOut of support scope
Red Hat Enterprise Linux 6NetworkManagerOut of support scope
Red Hat Enterprise Linux 9NetworkManagerNot affected
Red Hat Enterprise Linux 7NetworkManagerFixedRHSA-2020:400329.09.2020
Red Hat Enterprise Linux 8NetworkManagerFixedRHSA-2020:301121.07.2020
Red Hat Enterprise Linux 8NetworkManagerFixedRHSA-2020:301121.07.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-287->CWE-306
https://bugzilla.redhat.com/show_bug.cgi?id=1841041NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults

EPSS

Процентиль: 48%
0.00252
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-10754

CVSS3: 4.3
ubuntu
больше 5 лет назад

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

nvd логотип

CVE-2020-10754

CVSS3: 4.3
nvd
больше 5 лет назад

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

debian логотип

CVE-2020-10754

CVSS3: 4.3
debian
больше 5 лет назад

It was found that nmcli, a command line interface to NetworkManager di ...

github логотип

GHSA-r5p6-9327-8hcq

github
больше 3 лет назад

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

oracle-oval логотип

ELSA-2020-4003

oracle-oval
больше 5 лет назад

ELSA-2020-4003: NetworkManager security and bug fix update (MODERATE)

EPSS

Процентиль: 48%
0.00252
Низкий

4.3 Medium

CVSS3