CVE-2023-5616

Summary

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

Affected Software

VendorProductVersion RangeStatus
Canonical Ltd.Ubuntu’s gnome-control-center1:45 < 1:45.0-1ubuntu3.1affected
Canonical Ltd.Ubuntu’s gnome-control-center1:44 < 1:44.0-1ubuntu6.1affected
Canonical Ltd.Ubuntu’s gnome-control-center1:41 < 1:41.7-0ubuntu0.22.04.8affected
Canonical Ltd.Ubuntu’s gnome-control-center1:3 < 1:3.36.5-0ubuntu4.1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References