4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
20.7%
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely (CVE-2020-10754). The networkmanager package has been updated to version 1.18.8, fixing this issue and other bugs. Also, the networkmanager-applet package has been updated to version 1.8.24. It also adds support for connecting to WPA3 / SAE protected wireless networks. gnome-control-center and gnome-shell have been fixed to correctly identify the connections as WPA3.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | networkmanager | < 1.18.8-1 | networkmanager-1.18.8-1.mga7 |
Mageia | 7 | noarch | networkmanager-applet | < 1.8.24-1 | networkmanager-applet-1.8.24-1.mga7 |
Mageia | 7 | noarch | gnome-control-center | < 3.32.1-2.2 | gnome-control-center-3.32.1-2.2.mga7 |
Mageia | 7 | noarch | gnome-shell | < 3.32.1-2.1 | gnome-shell-3.32.1-2.1.mga7 |
bugs.mageia.org/show_bug.cgi?id=26673
bugs.mageia.org/show_bug.cgi?id=26713
gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/nm-1-18/NEWS
gitlab.gnome.org/GNOME/network-manager-applet/-/blob/1.8.24/NEWS
lists.fedoraproject.org/archives/list/[email protected]/thread/SI4LWYUPI7M6B24ABADK24T77VF65B4A/
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
20.7%