CVE-2020-10754

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

Published: Jun 8, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-10754
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
gnome / networkmanager	-	1.22.14
gnome / networkmanager	1.24.0	1.24.2
fedoraproject / fedora	31	31.x

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754
https://lists.fedoraproject.org/archives/list/[email protected]/message/44FTVXWKDYIAMOOP2PZMUY3D2QNWAVBZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44FTVXWKDYIAMOOP2PZMUY3D2QNWAVBZ/

Vulnerability Database

289,697

CVE-2020-10754