Vulnerability Details : CVE-2011-2176
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2011-2176
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-2176
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2011-2176
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2176
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:171
mandriva.com
-
http://securitytracker.com/id?1025711
GNOME NetworkManager Lets Local Users Bypass PolicyKit Settings - SecurityTracker
-
https://bugzilla.redhat.com/show_bug.cgi?id=709662
709662 – (CVE-2011-2176) CVE-2011-2176 NetworkManager: Did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
-
http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8
-
http://www.redhat.com/support/errata/RHSA-2011-0930.html
Support
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063665.html
[SECURITY] Fedora 14 Update: NetworkManager-0.8.4-2.git20110622.fc14
Products affected by CVE-2011-2176
- cpe:2.3:a:gnome:networkmanager:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:0.3.0:*:*:*:*:*:*:*