CVE-2012-1096 [Medium] | Security Vulnerability in Networkmanager

CVE-2012-1096 is rated Exploit Available (54.3/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.71%). 1 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Published	Link
36887	exploit_db	edb	2012-02-29	Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

36887

exploit_db

edb

2012-02-29

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.35%	0.71%	+0.36%
2	2025-07-20	0.14%	0.35%	+0.21%
3	2025-03-30	—	0.14%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.35%

0.71%

+0.36%

2025-07-20

0.14%

0.35%

+0.21%

2025-03-30

—

0.14%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.5	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	1.8	3.6	[email protected]
4.9	2.0	MEDIUM	`AV:L/AC:L/Au:N/C:C/I:N/A:N` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	3.9	6.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.5

3.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

1.8

3.6

[email protected]

4.9

2.0

MEDIUM

AV:L/AC:L/Au:N/C:C/I:N/A:N Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

3.9

6.9

[email protected]

OS Trackers for CVE-2012-1096

vendor	priority	summary	link
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2012-1096
`suse`	medium	CVE-2012-1096 severity moderate: SUSE including 20 source package names (NetworkManager, NetworkManager-bluetooth, …), 301 product×package rows across 76 product lines (SUSE CaaS Platform 4.5, SUSE Enterprise Storage 7, … (76 product lines)): Will Not Fix 301.	https://www.suse.com/security/cve/CVE-2012-1096/
`ubuntu`	low	CVE-2012-1096 low priority: Ubuntu including 1 source packages (network-manager), 34 status rows across 34 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hardy, hirsute, impish, jammy, kinetic, lucid, lunar, mantic, maverick, natty, noble, oneiric, oracular, plucky, precise, quantal, questing, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): ignored 26, deferred 6, DNE 1, needs-triage 1.	https://ubuntu.com/security/CVE-2012-1096

Affected software / configurations for CVE-2012-1096

Vendor	Product	Version	Raw CPE
gnome	networkmanager	<= 0.9.0	cpe:2.3:a:gnome:networkmanager::::::::
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*

References for CVE-2012-1096

URL	Tags
http://www.openwall.com/lists/oss-security/2012/03/02/3	Mailing List Third Party Advisory
https://access.redhat.com/security/cve/cve-2012-1096	Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=793329	Issue Tracking Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096	Issue Tracking Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096	Issue Tracking Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2012-1096	Third Party Advisory

URL

CVE-2012-1096

Public exploit references (Exploit-DB) for CVE-2012-1096

Exploit prediction scoring system (EPSS) score for CVE-2012-1096

Common vulnerability scoring system (CVSS) metrics for CVE-2012-1096

Weakness enumeration for CVE-2012-1096

OS Trackers for CVE-2012-1096

Affected software / configurations for CVE-2012-1096

References for CVE-2012-1096