The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through.
References
Configurations
History
20 Aug 2024, 16:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:google:nest_mini_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:google:nest_mini:-:*:*:*:*:*:*:* cpe:2.3:a:haxx:libcurl:-:*:*:*:*:*:*:* |
|
First Time |
Google nest Mini Firmware
Haxx libcurl Haxx Google nest Mini |
|
References | () https://support.google.com/product-documentation/answer/14771247?hl=en&ref_topic=12974021&sjid=9111851316942032590-NA#zippy= - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
19 Aug 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-19 17:15
Updated : 2024-08-20 16:13
NVD link : CVE-2024-32928
Mitre link : CVE-2024-32928
CVE.ORG link : CVE-2024-32928
JSON object : View
Products Affected
- nest_mini
- nest_mini_firmware
haxx
- libcurl
CWE