Vulnerability Details CVE-2022-23220
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
Products affected by CVE-2022-23220
-
cpe:2.3:a:usbview_project:usbview:*
-
cpe:2.3:o:canonical:ubuntu_linux:-
-
cpe:2.3:o:debian:debian_linux:-
-