CVE-2021-20297 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Affected Products (NVD)

Vendor	Product	Version
gnome	networkmanager	𝑥 < 1.30.0
redhat	openshift_container_platform	4.0
redhat	enterprise_linux	8.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

network-manager

bookworm	1.42.4-1 fixed
bullseye	1.30.6-1+deb11u1 fixed
buster	not-affected
sid	1.50.0-1 fixed
stretch	not-affected
trixie	1.50.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

network-manager

bionic	not-affected
focal	not-affected
groovy	Fixed 1.26.2-1ubuntu1.1 released
trusty	dne
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

NetworkManager-devel

suse enterprise desktop 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise sap 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise server 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise workstation 15 SP4	1.32.12-150400.1.11 fixed

NetworkManager-lang

suse enterprise desktop 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise sap 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise server 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise workstation 15 SP4	1.32.12-150400.1.11 fixed

libnm0

suse enterprise desktop 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise desktop 15 SP5	1.38.6-150500.1.2 fixed
suse enterprise desktop 15 SP6	1.44.2-150600.1.7 fixed
suse enterprise desktop 15 SP7	1.44.2-150600.3.2.1 fixed
suse enterprise sap 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise sap 15 SP5	1.38.6-150500.1.2 fixed
suse enterprise sap 15 SP6	1.44.2-150600.1.7 fixed
suse enterprise sap 15 SP7	1.44.2-150600.3.2.1 fixed
suse enterprise server 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise server 15 SP5	1.38.6-150500.1.2 fixed
suse enterprise server 15 SP6	1.44.2-150600.1.7 fixed
suse enterprise server 15 SP7	1.44.2-150600.3.2.1 fixed

typelib-1_0-NM-1_0

suse enterprise desktop 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise desktop 15 SP5	1.38.6-150500.1.2 fixed
suse enterprise desktop 15 SP6	1.44.2-150600.1.7 fixed
suse enterprise desktop 15 SP7	1.44.2-150600.3.2.1 fixed
suse enterprise sap 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise sap 15 SP5	1.38.6-150500.1.2 fixed
suse enterprise sap 15 SP6	1.44.2-150600.1.7 fixed
suse enterprise sap 15 SP7	1.44.2-150600.3.2.1 fixed
suse enterprise server 15 SP4	1.32.12-150400.1.11 fixed
suse enterprise server 15 SP5	1.38.6-150500.1.2 fixed
suse enterprise server 15 SP6	1.44.2-150600.1.7 fixed
suse enterprise server 15 SP7	1.44.2-150600.3.2.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

NetworkManager

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-adsl

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-bluetooth

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-cloud-setup

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-config-connectivity-redhat

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-config-server

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-dispatcher-routing-rules

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-libnm

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-libnm-devel

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-ovs

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-ppp

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-team

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-tui

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-wifi

RHEL 8

1:1.30.0-7.el8

fixed

NetworkManager-wwan

RHEL 8

1:1.30.0-7.el8

fixed

libnma

RHEL 8

0:1.8.30-2.el8

fixed

libnma-devel

RHEL 8

0:1.8.30-2.el8

fixed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1943282