CRITICAL🇵🇱 Wersja polska

CVE-2022-1736

CVSS 9.8v3.1pub. 2025-01-31upd. 2025-08-26

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.

🤖 AI Analysis
How it works

The error consists of improper configuration of the gnome-control-center package delivered by Canonical in the Ubuntu distribution, which caused automatic enabling of Remote Desktop Sharing. This means the system could accept remote connections without explicit action from the user or administrator. An unauthenticated remote attacker could potentially gain access to the graphical session of a logged-in user.

Impact

An unauthorized remote attacker can gain full access to the victim's desktop, leading to a breach of confidentiality, integrity, and system availability.

Mitigation & patch

Apply patches available from the vendor according to the references — Ubuntu security bulletin USN-5430-1. It is also recommended to manually verify and disable Remote Desktop Sharing in the system settings if it is not required.

Who is affected

GNOME gnome-remote-desktop and Canonical Ubuntu Linux in the versions indicated in the vendor references (patches described in USN-5430-1)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Canonical Ubuntu

    OS
    Canonical
    18.0420.0422.04
  • Gnome Remote Desktop

    APP
    Gnome
    42.1.142.1.1-142.1.1-2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2022-0543CRITICAL10.0⚠ KEVten sam produkt

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debia...

CVE-2020-11651CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process Clea...

CVE-2020-7247CRITICAL9.8⚠ KEVten sam produkt

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote att...

CVE-2019-16928CRITICAL9.8⚠ KEVten sam produkt

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is...