CVE-2022-40297

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/filipkarc/PoC-ubuntutouch-pin-privesc	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:ubports:ubuntu_touch:16.04:*:*:*:*:*:*:*

History

07 Nov 2023, 03:52

Type	Values Removed	Values Added
Summary	DISPUTED UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated."	UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated.

Information

Published : 2022-09-09 00:15

Updated : 2024-08-03 13:15

NVD link : CVE-2022-40297

Mitre link : CVE-2022-40297

CVE.ORG link : CVE-2022-40297

JSON object : View

Products Affected

ubports

ubuntu_touch

CWE

CWE-269

Improper Privilege Management

7.8 /10