Login Sign Up

CVE-2022-1736

9.8 CRITICAL

📋 TL;DR

Ubuntu's default configuration of gnome-control-center enabled Remote Desktop Sharing by default, allowing unauthorized remote access to desktop sessions. This affects Ubuntu systems with GNOME desktop environment where users haven't manually disabled this feature.

💻 Affected Systems

Products:
  • gnome-control-center
  • gnome-remote-desktop
Versions: Ubuntu 22.04 LTS (Jammy Jellyfish)
Operating Systems: Ubuntu 22.04 LTS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with GNOME desktop environment. Other Ubuntu flavors or desktop environments not affected.

📦 What is this software?

Gnome Remote Desktop by Gnome

View all CVEs affecting Gnome Remote Desktop →

Gnome Remote Desktop by Gnome

View all CVEs affecting Gnome Remote Desktop →

Gnome Remote Desktop by Gnome

View all CVEs affecting Gnome Remote Desktop →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via unauthorized remote desktop access, allowing attackers to execute arbitrary commands, steal data, and maintain persistence.

🟠

Likely Case

Unauthorized access to user sessions, potential data theft, and privilege escalation if user has administrative rights.

🟢

If Mitigated

Limited impact if proper network segmentation and authentication controls are in place.

🌐 Internet-Facing: HIGH - Directly exposed to internet attacks if system has public IP and vulnerable service is running.
🏢 Internal Only: MEDIUM - Still vulnerable to internal threats and lateral movement within network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires network access to the vulnerable service. No authentication bypass needed since service is enabled by default.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: gnome-remote-desktop 42.0-1ubuntu1.1 or later

Vendor Advisory: https://ubuntu.com/security/notices/USN-5430-1

Restart Required: No

Instructions:

1. Run: sudo apt update && sudo apt upgrade gnome-remote-desktop
2. Alternatively, apply all security updates: sudo apt update && sudo apt upgrade

🔧 Temporary Workarounds

Disable Remote Desktop Sharing

all

Manually disable Remote Desktop Sharing in GNOME settings

gsettings set org.gnome.desktop.remote-desktop.vnc enable false

Block VNC Port

all

Block VNC port (5900) at firewall level

sudo ufw deny 5900

🧯 If You Can't Patch

  • Disable Remote Desktop Sharing via gsettings command
  • Implement strict network segmentation and firewall rules to block VNC traffic

🔍 How to Verify

Check if Vulnerable:

Check if Remote Desktop Sharing is enabled: gsettings get org.gnome.desktop.remote-desktop.vnc enable

Check Version:

apt list --installed | grep gnome-remote-desktop

Verify Fix Applied:

Verify gnome-remote-desktop version: apt list --installed | grep gnome-remote-desktop

📡 Detection & Monitoring

Log Indicators:

  • VNC connection attempts in system logs
  • Authentication failures for remote desktop service

Network Indicators:

  • Unexpected VNC traffic on port 5900
  • Remote desktop protocol connections from unauthorized sources

SIEM Query:

source="systemd" "vnc" OR "remote-desktop" OR port=5900

📊 Metadata

CVE ID: CVE-2022-1736
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: January 31, 2025
Last Updated: August 26, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON