CVE-2023-5616 — MEDIUM (4.9)

Q: How severe is CVE-2023-5616?

CVE-2023-5616 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5616?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Control Center, Canonical Ubuntu Linux.

Vulnerability Description

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Gnome	Control Center	>= 1.3, < 1.3.36.5-0ubuntu4.1
Canonical	Ubuntu Linux	20.04

Related Weaknesses (CWE)

CWE-290

References

https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577ExploitIssue Tracking
https://ubuntu.com/security/CVE-2023-5616Vendor Advisory
https://ubuntu.com/security/notices/USN-6554-1Vendor Advisory

FAQ

What is CVE-2023-5616?

CVE-2023-5616 is a vulnerability with a CVSS score of 4.9 (MEDIUM). In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the lo...

How severe is CVE-2023-5616?

CVE-2023-5616 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5616?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Control Center, Canonical Ubuntu Linux.