CVE-2022-40297

Published: Sep 9, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated.

Affected (1)

Products: Ubports: Ubuntu Touch

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ubports Ubuntu Touch	Version 16.04

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://github.com/filipkarc/PoC-ubuntutouch-pin-privesc

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/filipkarc/PoC-ubuntutouch-pin-privesc

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.