CVE-2022-23220

Published: 21/01/2022 Updated: 09/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

USBView 2.1 prior to 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
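To check a system for the kind of Polkit setting described above, the following added example (not code from the USBView project or the advisory) parses a Polkit `.policy` file and reports pkexec actions whose implicit authorizations are `yes`. The action ids, the `/usr/bin/usbview` path and the `auth_admin` values in the sample are constructed assumptions, not the project's actual policy or fix.

```python
import xml.etree.ElementTree as ET

# Annotation polkit uses to bind an action to a program launched through pkexec.
EXEC_PATH_KEY = "org.freedesktop.policykit.exec.path"
NO_AUTH = {"yes"}  # implicit authorization granted with no password prompt

# Constructed sample policy: ids, path and values are illustrative only.
SAMPLE_POLICY = """\
<policyconfig>
  <action id="org.example.pkexec.usbview-weak">
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/usbview</annotate>
  </action>
  <action id="org.example.pkexec.usbview-hardened">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/usbview</annotate>
  </action>
</policyconfig>
"""

def audit_policy(xml_text):
    """Return (action_id, exec_path, weak_settings) for pkexec actions that skip authentication."""
    findings = []
    for action in ET.fromstring(xml_text).iter("action"):
        exec_path = next((a.text.strip() for a in action.findall("annotate")
                          if a.get("key") == EXEC_PATH_KEY and a.text), None)
        if exec_path is None:
            continue  # action is not tied to a pkexec-launched program
        weak = [el.tag for el in action.findall("defaults/*")
                if (el.text or "").strip() in NO_AUTH]
        if weak:
            findings.append((action.get("id"), exec_path, weak))
    return findings

if __name__ == "__main__":
    for action_id, path, weak in audit_policy(SAMPLE_POLICY):
        print(f"{action_id}: pkexec runs {path} without authentication ({', '.join(weak)})")
```

On a real host, pass the contents of each file under `/usr/share/polkit-1/actions/` to `audit_policy`; an `allow_any` finding is the one that covers remote sessions such as SSH logins.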

Vulnerable Product

usbview_project usbview

Vendor Advisories

Matthias Gerstner reported that usbview, a USB device viewer, does not properly handle authorization in the PolicyKit policy configuration, which could result in root privilege escalation. For the oldstable distribution (buster), this problem has been fixed in version 20-21-g6fe2f4f-2+deb10u1. For the stable distribution (bullseye), this problem h ...