What is CVE-2020-10754?

CVE-2020-10754 is a vulnerability in NetworkManager that allows a remote authenticated attacker to bypass security restrictions and make insecure connections.

How does CVE-2020-10754 impact IBM Security Guardium?

CVE-2020-10754 affects IBM Security Guardium versions 10.5 to 11.3, allowing for bypassing of security restrictions.

What is the severity of CVE-2020-10754?

CVE-2020-10754 has a severity rating of 4.3, classified as medium.

How can I fix CVE-2020-10754 in IBM Security Guardium?

To fix CVE-2020-10754 in IBM Security Guardium, upgrade to a version that is not affected by the vulnerability.

Are there any references for CVE-2020-10754?

Yes, you can find references for CVE-2020-10754 at the following links: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/184636), [Link 2](https://www.ibm.com/support/pages/node/6455281), [Link 3](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754).

Vulnerability/
CVE-2020-10754

medium

4.3

CWE

306 287

8/6/2020

15/4/2022

CVE-2020-10754

First published: Mon Jun 08 2020(Updated: )

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
GNOME NetworkManager	<1.22.14
GNOME NetworkManager	>=1.24.0<1.24.2
Fedoraproject Fedora	=31
	<=10.5
	<=10.6
	<=11.0
	<=11.1
	<=11.2
	<=11.3

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6455281

Frequently Asked Questions

What is CVE-2020-10754?
CVE-2020-10754 is a vulnerability in NetworkManager that allows a remote authenticated attacker to bypass security restrictions and make insecure connections.
How does CVE-2020-10754 impact IBM Security Guardium?
CVE-2020-10754 affects IBM Security Guardium versions 10.5 to 11.3, allowing for bypassing of security restrictions.
What is the severity of CVE-2020-10754?
CVE-2020-10754 has a severity rating of 4.3, classified as medium.
How can I fix CVE-2020-10754 in IBM Security Guardium?
To fix CVE-2020-10754 in IBM Security Guardium, upgrade to a version that is not affected by the vulnerability.
Are there any references for CVE-2020-10754?
Yes, you can find references for CVE-2020-10754 at the following links: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/184636), [Link 2](https://www.ibm.com/support/pages/node/6455281), [Link 3](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754).

collector/nvd-index
agent/references
agent/weakness
agent/type
agent/first-publish-date
agent/last-modified-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/remedy
agent/author
agent/severity
agent/tags
agent/description
agent/softwarecombine
agent/event
vendor/gnome
canonical/gnome networkmanager
version/gnome networkmanager/1.24.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/31
vendor/ibm
canonical/ibm security guardium
version/ibm security guardium/10.5
version/ibm security guardium/10.6
version/ibm security guardium/11.0
version/ibm security guardium/11.1
version/ibm security guardium/11.2
version/ibm security guardium/11.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.