CVE-2023-5616
Medium
Low
Medium
High
Critical
4.9
CVSS Score
Vulnerability Description
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
L
Attack Complexity
H
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
L
Integrity
L
Availability
L
Known Affected Software
4 configuration(s) from 1 vendor(s)
ubuntu_linux
Version:
20.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*
ubuntu_linux
Version:
23.10
CPE:
cpe:2.3:o:canonical:ubuntu_linux:23.10:*:*:*:*:*:*:*
ubuntu_linux
Version:
22.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
ubuntu_linux
Version:
23.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
This vulnerability affects 4 software configuration(s). Ensure you patch all affected systems.
References & Resources
Severity Details
4.9
out of 10.0
Medium
Weakness Type (CWE)
CWE-290
Authentication Bypass by Spoofing
- Description
- This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- April 15, 2025
