Security Advisory

CVE-2022-23220

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-21 00:00:00

Last updated 2024-08-03 03:36:20

Assigner mitre

State PUBLISHED

Description

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.

← Browse all CVEs View on cve.org ↗