Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentGoogle_DevicesVULNRICHMENT:CVE-2024-32928
HistoryAug 19, 2024 - 4:38 p.m.

CVE-2024-32928

2024-08-1916:38:01
Google_Devices
github.com
3
libcurl
curlopt_ssl_verifypeer
nest production
man-in-the-middle
google cloud services
security vulnerability

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

25.8%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through.

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Nest Speakers",
    "versions": [
      {
        "status": "affected",
        "version": "libcurl"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

cvelist 1
cve 1
nvd 1
cvelist
cvelist
CVE-2024-32928
2024-08-19 16:38:01
cve
cve
CVE-2024-32928
2024-08-19 17:15:07
nvd
nvd
CVE-2024-32928
2024-08-19 17:15:07

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

25.8%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-32928
cvelist1cve1nvd1