Remote Desktop Sharing Enabled by Default in Ubuntu's gnome-control-center
CVE-2022-1736

9.8CRITICAL

Key Information:

Vendor

Canonical Ltd.

Status
Ubuntu's Gnome-control-center
Vendor
CVE Published:
31 January 2025

What is CVE-2022-1736?

Ubuntu's gnome-control-center configuration permitted Remote Desktop Sharing to be enabled by default, potentially exposing users to unauthorized access. This flaw may allow an attacker to gain control over a desktop environment remotely, which could lead to data breaches and compromise system integrity. Users are advised to review their settings to ensure that Remote Desktop Sharing is disabled if not needed.

Affected Version(s)

Ubuntu's gnome-control-center Linux 0 < 42.1.1-2ubuntu1

References

https://ubuntu.com/security/notices/USN-5430-1
vendor-advisory
https://bugs.launchpad.net/ubuntu/+source/gnome-remote-de...
issue-tracking
https://ubuntu.com/security/CVE-2022-1736
issue-tracking

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jeremy BĂ­cha
.