CVE-2020-10754: Medium severity IBM Security Guardium vulnerability

Published Jun 8, 2020
·
Updated

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

Other sources

NetworkManager could allow a remote authenticated attacker to bypass security restrictions, caused by improper configuration in the nmcli. By connecting to a network, an attacker could exploit this vulnerability to bypass authentication.

IBM

Affected Software

9 affected components
IBM Security Guardium<=10.5
IBM Security Guardium<=10.6
IBM Security Guardium<=11.0
IBM Security Guardium<=11.1
IBM Security Guardium<=11.2
IBM Security Guardium<=11.3
Gnome NetworkManager<1.22.14
Gnome NetworkManager>=1.24.0<1.24.2
Fedoraproject Fedora=31

Remediation

Patch Available

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754

Event History

Jun 8, 2020
CVE Published
via MITRE·05:16 PM
Data Sourced
via MITRE·05:16 PM
DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is CVE-2020-10754?

CVE-2020-10754 is a vulnerability in NetworkManager that allows a remote authenticated attacker to bypass security restrictions and make insecure connections.

2

How does CVE-2020-10754 impact IBM Security Guardium?

CVE-2020-10754 affects IBM Security Guardium versions 10.5 to 11.3, allowing for bypassing of security restrictions.

3

What is the severity of CVE-2020-10754?

CVE-2020-10754 has a severity rating of 4.3, classified as medium.

4

How can I fix CVE-2020-10754 in IBM Security Guardium?

To fix CVE-2020-10754 in IBM Security Guardium, upgrade to a version that is not affected by the vulnerability.

5

Are there any references for CVE-2020-10754?

Yes, you can find references for CVE-2020-10754 at the following links: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/184636), [Link 2](https://www.ibm.com/support/pages/node/6455281), [Link 3](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203