Vulnerability Details CVE-2024-32928
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.8%
CVSS Severity
CVSS v3 Score 5.9