NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

Update to NetworkManager 1.2-beta3. Upstream release announcement:
https://mail.gnome.org/archives/networkmanager-list/2016-March/msg0016 4.html

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network (CVE-2006-7246).

Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks.

This is a re-release of the previous update to also enable the checks for EAP-TLS.

NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network (CVE-2006-7246).

Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks.

NetworkManager did not honor the PolicyKit auth_admin setting when creating Ad-Hoc wireless networks (CVE-2011-2176)

NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network (CVE-2006-7246).

Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks. 

This is a re-release of the previous update to also enable the checks for EAP-TLS.

NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network (CVE-2006-7246).

Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks.

NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network. (CVE-2006-7246)

Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks.

NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network. (CVE-2006-7246)

Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks.

This is a re-release of the previous update to also enable the checks for EAP-TLS.

NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network (CVE-2006-7246). This has been fixed.

Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks.

ID	Name	Product	Family	Severity
90332	Fedora 24 : NetworkManager-fortisslvpn-1.2.0-0.4.beta3.fc24 / etc (2016-cd218eef79)	Nessus	Fedora Local Security Checks	high
75977	openSUSE Security Update : NetworkManager-gnome (openSUSE-SU-2012:0101-1)	Nessus	SuSE Local Security Checks	medium
75976	openSUSE Security Update : NetworkManager (openSUSE-SU-2011:1273-1)	Nessus	SuSE Local Security Checks	low
75684	openSUSE Security Update : NetworkManager-gnome (openSUSE-SU-2012:0101-1)	Nessus	SuSE Local Security Checks	medium
75683	openSUSE Security Update : NetworkManager (openSUSE-SU-2011:1273-1)	Nessus	SuSE Local Security Checks	low
74520	openSUSE Security Update : NetworkManager-gnome / NetworkManager / wpa_supplicant / etc (openSUSE-2011-15)	Nessus	SuSE Local Security Checks	high
58032	SuSE 10 Security Update : NetworkManager (ZYPP Patch Number 7957)	Nessus	SuSE Local Security Checks	high
57972	SuSE 11.1 Security Update : NetworkManager-gnome (SAT Patch Number 5621)	Nessus	SuSE Local Security Checks	high
57086	SuSE 11.1 Security Update : NetworkManager (SAT Patch Number 5381)	Nessus	SuSE Local Security Checks	high
57085	SuSE 11.1 Security Update : NetworkManager (SAT Patch Number 5381)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2006-7246

medium

Tenable Plugins

high

medium

low

medium

low

high

high

high

high

high