Local Privilege Escalation in NetworkManager Affects Multiple Linux Distributions
CVE-2012-1096

5.5MEDIUM

Key Information:

Vendor: Gnome
Status: Networkmanager
Vendor: CVE Published:; 10 March 2020

What is CVE-2012-1096?

NetworkManager versions prior to 0.9 expose a vulnerability that permits local users to utilize other users' certificates or private keys when establishing new connections. This misconfiguration can lead to unauthorized access to sensitive information, highlighting potential risks in multi-user environments where multiple accounts are leveraged.

Affected Version(s)

NetworkManager 0.9 and earlier

References

https://security-tracker.debian.org/tracker/CVE-2012-1096

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096

x_refsource_MISC

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2020
Vulnerability Reserved
Feb 14, 2012

Gnome

What is CVE-2012-1096?

Affected Version(s)

References

CVSS V3.1

Timeline