Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-32928

The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through.

Published

2024-08-19T17:15:07.557

Last Modified

2025-03-14T16:15:31.157

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	nest_mini_firmware	-	Yes
Hardware	google	nest_mini	-	No
Application	haxx	libcurl	-	Yes

References

https://support.google.com/product-documentation/answer/14771247?hl=en&ref_topic=12974021&sjid=9111851316942032590-NA#zippy= Vendor Advisory ([email protected])