CVE-2022-23220 - OpenCVE

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Gentoo	Linux
Usbview Project	Usbview

Configuration 1 [-]

AND

cpe:2.3:a:usbview_project:usbview:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:canonical:ubuntu_linux:-:::::::*
	cpe:2.3:o:debian:debian_linux:-:::::::*
	cpe:2.3:o:gentoo:linux:-:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/01/22/1
https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b
https://security.gentoo.org/glsa/202310-15
https://www.debian.org/security/2022/dsa-5052
https://www.openwall.com/lists/oss-security/2022/01/21/1

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-21T00:00:00

Updated: 2024-08-03T03:36:20.290Z

Reserved: 2022-01-14T00:00:00

Link: CVE-2022-23220

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-21T16:15:08.193

Modified: 2023-11-09T20:56:33.503

Link: CVE-2022-23220

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-23220", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T03:36:20.290Z", "dateReserved": "2022-01-14T00:00:00", "datePublished": "2022-01-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-26T06:06:16.049280"}, "descriptions": [{"lang": "en", "value": "USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b"}, {"url": "https://www.openwall.com/lists/oss-security/2022/01/21/1"}, {"name": "DSA-5052", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5052"}, {"name": "[oss-security] 20220122 Re: usbview polkit policy local root exploit (CVE-2022-23220)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/01/22/1"}, {"name": "GLSA-202310-15", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202310-15"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:20.290Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2022/01/21/1", "tags": ["x_transferred"]}, {"name": "DSA-5052", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5052"}, {"name": "[oss-security] 20220122 Re: usbview polkit policy local root exploit (CVE-2022-23220)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/01/22/1"}, {"name": "GLSA-202310-15", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202310-15"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:usbview_project:usbview:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FE8D6E2-F783-4C42-B8CD-E842516629FC", "versionEndExcluding": "2.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C", "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "5920923E-0D52-44E5-801D-10B82846ED58", "vulnerable": false}, {"criteria": "cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "92121D8A-529E-454A-BC8D-B6E0017E615D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo."}, {"lang": "es", "value": "USBView versiones 2.1 anteriores a 2.2, permite a algunos usuarios locales (por ejemplo, los que son conectados por SSH) ejecutar c\u00f3digo arbitrario como root porque determinadas configuraciones de Polkit (por ejemplo, allow_any=yes) para pkexec deshabilitan el requisito de autenticaci\u00f3n. Una ejecuci\u00f3n de c\u00f3digo puede, por ejemplo, usar la opci\u00f3n --gtk-module. Esto afecta a Ubuntu, Debian y Gentoo"}], "id": "CVE-2022-23220", "lastModified": "2023-11-09T20:56:33.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-21T16:15:08.193", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/22/1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-15"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5052"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/01/21/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}