NetworkManager Certificate Pinning Flaw Affecting 802.11X Authentication
CVE-2006-7246

6.8 MEDIUM

Key Information:

Vendor: Gnome
CVE Published: 27 January 2020

What is CVE-2006-7246?

NetworkManager 0.9.x mishandles certificate pinning during 802.11X authentication: it does not properly associate the certificate's subject with the ESSID, potentially exposing the network to unauthorized access. An attacker can exploit this weakness to present an illegitimate certificate and impersonate a trusted entity on the network, which could lead to man-in-the-middle attacks or unauthorized data interception.

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
