CVE Vulnerabilities

CVE-2020-10754

Improper Authentication

Published: Jun 08, 2020 | Modified: Nov 21, 2024
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
4.3 MODERATE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Ubuntu
MEDIUM

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Networkmanager Gnome * 1.22.14 (excluding)
Networkmanager Gnome 1.24.0 (including) 1.24.2 (excluding)
Red Hat Enterprise Linux 7 RedHat NetworkManager-1:1.18.8-1.el7 *
Red Hat Enterprise Linux 8 RedHat NetworkManager-1:1.22.8-5.el8_2 *
Red Hat Enterprise Linux 8 RedHat NetworkManager-1:1.22.8-5.el8_2 *
Network-manager Ubuntu trusty *

Potential Mitigations

References