Man-in-the-Middle Vulnerability in Nest Production Devices Affecting Google Cloud Services
CVE-2024-32928
5.9 MEDIUM
What is CVE-2024-32928?
A security flaw in Nest production devices has been identified, where the CURLOPT_SSL_VERIFYPEER option in libcurl was disabled for specific requests. This configuration weakness opens the door to potential man-in-the-middle attacks, allowing malicious actors to intercept and manipulate the communication between the affected devices and Google cloud services. As the traffic can be routed through any compromised host, this vulnerability poses a significant risk to the integrity and confidentiality of data exchanged with cloud services.
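The following is an added example, not code from the advisory or from the vendor: a small Python audit that scans C source for libcurl calls that switch off certificate verification, the misconfiguration described above. The sample source, its `.invalid` URL, and the inclusion of CURLOPT_SSL_VERIFYHOST alongside CURLOPT_SSL_VERIFYPEER are assumptions made for illustration.

```python
import re

# CURLOPT_SSL_VERIFYPEER is the option named in the advisory;
# CURLOPT_SSL_VERIFYHOST is audited too as an assumption of this example.
CALL = re.compile(
    r"curl_easy_setopt\s*\(\s*[^,]+,\s*"
    r"(CURLOPT_SSL_VERIFY(?:PEER|HOST))\s*,\s*([^;]*?)\s*\)\s*;"
)
DISABLED = re.compile(r"^(?:\(\s*long\s*\)\s*)?(?:0[lL]?|false|FALSE)$")
ENABLED = re.compile(r"^(?:\(\s*long\s*\)\s*)?(?:[1-9]\d*[lL]?|true|TRUE)$")
# String literals are matched first so "https://" is not taken for a comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.S)

# Constructed sample input (not taken from any real firmware).
SAMPLE = '''\
#include <curl/curl.h>
/* curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 0L); old debug code */
void upload(CURL *h, long verify) {
    curl_easy_setopt(h, CURLOPT_URL, "https://cloud.example.invalid/v1");
    curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 0L);
    curl_easy_setopt(h,
                     CURLOPT_SSL_VERIFYHOST, 2L);
    curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, verify);
}
'''

def strip_comments(src):
    """Blank out C comments, keeping newlines so line numbers stay correct."""
    def blank(m):
        text = m.group()
        return text if text[0] == '"' else re.sub(r"[^\n]", " ", text)
    return TOKEN.sub(blank, src)

def audit(src):
    """Return (line, option, verdict) for each verification-option call."""
    findings = []
    clean = strip_comments(src)
    for m in CALL.finditer(clean):
        option, value = m.group(1), m.group(2)
        if DISABLED.match(value):
            verdict = "disabled"
        elif ENABLED.match(value):
            verdict = "enabled"
        else:
            verdict = "review"  # runtime value: cannot be judged statically
        findings.append((clean.count("\n", 0, m.start()) + 1, option, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "review" verdict marks a call whose value is only known at run time, which is how a verification toggle applied to "specific requests" can slip past a literal-only search.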

Affected Version(s)
Nest Speakers libcurl
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published