CVE-2024-6388

5.9 MEDIUM

📋 TL;DR

The Ubuntu Advantage Desktop Daemon (package ubuntu-advantage-desktop-daemon) before version 1.12 leaks the Ubuntu Pro contract token to unprivileged local users. When it attaches a machine it launches the ubuntu-advantage-tools attach helper with the token as a plaintext command-line argument, and on a default /proc mount any local user can read any process's argv (ps, /proc/<pid>/cmdline) for as long as that helper runs. Anyone with a local account at attach time can therefore capture a credential that attaches machines to the subscription. Affected systems are Ubuntu desktops running the vulnerable daemon.

💻 Affected Systems

Products:
  • Ubuntu Advantage Desktop Daemon
Versions: All versions before 1.12
Operating Systems: Ubuntu Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the Ubuntu Advantage Desktop Daemon installed. The token is exposed while an attach is performed through the daemon (for example from the Ubuntu Pro page in GNOME Settings); a machine that is never attached this way does not place the token on a command line.

📦 What is this software?

ubuntu-advantage-desktop-daemon is a small D-Bus system service that lets the desktop, notably the Ubuntu Pro page in GNOME Settings, attach the machine to an Ubuntu Pro subscription and query its status without each user running the pro command as root. It performs the actual attach by invoking the ubuntu-advantage-tools client, which is where the token ends up on a command line.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A captured Pro token lets the attacker attach machines of their own to the victim's subscription (the same token works with pro attach anywhere), consuming its entitlements and pulling subscription-only content such as ESM updates and Livepatch under the victim's contract. The token outlives the attach operation, so the exposure persists until the subscription owner replaces it.

🟠 Likely Case

A local unprivileged user on a shared workstation, lab machine or build host reads process arguments while an attach is in progress, captures the token, and reuses or shares it.

🟢 If Mitigated

On 1.12 and later the token is no longer passed on a helper's command line. With /proc additionally mounted hidepid=2, other users cannot read process arguments at all, so only root and the daemon's own processes ever see the token.

🌐 Internet-Facing: LOW - This is a local information disclosure; nothing is reachable over the network, and an attacker needs an account on the machine.
🏢 Internal Only: MEDIUM - Any internal user with a local account on an affected desktop can capture the token during an attach and use it to attach other machines to the organisation's subscription.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Reading process arguments needs no special privilege, but the token is only present while the attach helper runs, so the attacker has to be watching (polling ps or /proc/*/cmdline) during that window.

Exploitation requires a local account on the system and a Pro attach being performed through the daemon while the attacker is reading process arguments. No privilege escalation is involved; the attacker simply reads another process's command line.
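The mechanism behind the advisory, as an added example that is not the daemon's own code: a privileged parent launches a helper with a secret on its argv, and an unprivileged scan of /proc/<pid>/cmdline finds it; the fixed pattern hands the secret over on stdin so nothing appears in the process table. The token string and the throw-away child processes are constructed placeholders; the example needs Linux with /proc mounted.

```python
"""Why a secret on a child's argv is readable by every local user (CVE-2024-6388 pattern).

Added example, not code from ubuntu-advantage-desktop-daemon. It models the
advisory's bug (helper launched with the Pro token as an argument) with a
dummy child, then the fixed pattern (secret delivered over a pipe).
Requires Linux with /proc. DUMMY_TOKEN is a constructed placeholder.
"""
import os
import subprocess
import sys

DUMMY_TOKEN = "C1EXAMPLE-NOT-A-REAL-PRO-TOKEN"  # constructed, not a real token

# Child bodies: each just idles long enough for us to inspect its argv.
ARGV_CHILD = "import time; time.sleep(5)"                          # secret arrives in sys.argv
STDIN_CHILD = "import sys, time; sys.stdin.readline(); time.sleep(5)"  # secret arrives on stdin


def _isdigits(s: str) -> bool:
    return s.isdigit()


def read_cmdline(pid: int) -> list:
    """A process's argv exactly as any local user sees it (unless /proc is hidepid-mounted)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        raw = f.read()
    return [part.decode(errors="replace") for part in raw.split(b"\0") if part]


def scan_proc_for(secret: str) -> list:
    """What an unprivileged attacker polls: every pid whose argv carries the secret as an argument."""
    hits = []
    for entry in os.listdir("/proc"):
        if not _isdigits(entry):
            continue
        try:
            if secret in read_cmdline(int(entry)):
                hits.append(int(entry))
        except OSError:  # process already exited, or hidepid denied access
            continue
    return hits


def spawn_vulnerable(token: str) -> subprocess.Popen:
    """Vulnerable pattern: the secret is a positional argument of the helper."""
    return subprocess.Popen([sys.executable, "-c", ARGV_CHILD, token])


def spawn_fixed(token: str) -> subprocess.Popen:
    """Fixed pattern: the secret travels over a pipe only the child's stdin can read."""
    child = subprocess.Popen([sys.executable, "-c", STDIN_CHILD], stdin=subprocess.PIPE)
    child.stdin.write((token + "\n").encode())
    child.stdin.flush()
    return child


def token_visible(spawner, token: str) -> bool:
    """Spawn the helper with `spawner`, scan /proc while it runs, then clean up."""
    child = spawner(token)  # Popen returns only after exec, so /proc already shows the child's argv
    try:
        return child.pid in scan_proc_for(token)
    finally:
        if child.stdin:
            child.stdin.close()
        child.kill()
        child.wait()


if __name__ == "__main__":
    print("argv helper leaks token :", token_visible(spawn_vulnerable, DUMMY_TOKEN))
    print("stdin helper leaks token:", token_visible(spawn_fixed, DUMMY_TOKEN))
```

Passing the secret by path to a file created with mode 0600 is the other standard fix and is what the ubuntu-advantage-tools client's `pro attach --attach-config FILE` accepts; either way the rule is that argv is public on a default /proc mount and must never carry credentials.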

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.12 and later

Vendor Advisory: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

Restart Required: Yes

Instructions:

1. Update the daemon package (it is separate from ubuntu-advantage-tools, so name it explicitly): sudo apt update && sudo apt install --only-upgrade ubuntu-advantage-desktop-daemon
2. Restart the daemon so the new binary is in use: sudo systemctl restart ubuntu-advantage-desktop-daemon
3. Verify the installed version is 1.12 or higher. On older Ubuntu releases the fix may ship as a patched build with a lower version string; in that case check the package changelog (apt changelog ubuntu-advantage-desktop-daemon) for a CVE-2024-6388 entry rather than relying on the number alone.

🔧 Temporary Workarounds

Disable Ubuntu Advantage Desktop Daemon

Temporarily stop the vulnerable service until patching is possible. Mask the unit rather than only disabling it, because a D-Bus-activated service can otherwise be started again on demand the next time the Settings panel talks to it:

sudo systemctl stop ubuntu-advantage-desktop-daemon
sudo systemctl mask ubuntu-advantage-desktop-daemon

This removes the Ubuntu Pro page's ability to attach the machine. If you still need to attach while the daemon is masked, do not type the token on a command line (sudo pro attach TOKEN has the same argv exposure); put it in a root-only file and use sudo pro attach --attach-config FILE instead.

🧯 If You Can't Patch

  • Restrict local user access to systems running the vulnerable daemon, and avoid performing attaches through the daemon on multi-user machines until it is patched.
  • Mount /proc with hidepid=2 (for example proc /proc proc defaults,hidepid=2 0 0 in /etc/fstab, or sudo mount -o remount,hidepid=2 /proc) so unprivileged users cannot read other users' process arguments at all. Test this first: some desktop components expect to see other users' processes.
  • If a token may already have been exposed, treat it as compromised: replace it from your Ubuntu Pro account and re-attach affected machines with the new one.

🔍 How to Verify

Check if Vulnerable:

The package is affected if it is installed and its version is below 1.12 (and your release has not shipped a backported fix under a lower version string):

dpkg -l | grep ubuntu-advantage-desktop-daemon

Verify Fix Applied:

Run the same command after updating and confirm the version column shows 1.12 or higher, or that the package changelog (apt changelog ubuntu-advantage-desktop-daemon) references CVE-2024-6388.
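For a fleet audit it helps to compare dpkg version strings with dpkg's own ordering rules (epoch, upstream, revision, with "~" sorting before everything) instead of a naive string or float comparison, which misorders 1.9 against 1.12 and pre-release suffixes such as ~rc1. The following is an added example, not a tool from Ubuntu or this page; FIXED_VERSION is the threshold the advisory names and should be replaced with the version from your release's security notice if the fix was backported there.

```python
"""Audit helper: is the installed ubuntu-advantage-desktop-daemon at or above the fixed version?

Added example, not code from Ubuntu. Reimplements dpkg's version ordering
(dpkg --compare-versions semantics) so inventory data can be checked offline.
"""
import subprocess
from typing import Optional, Tuple

PACKAGE = "ubuntu-advantage-desktop-daemon"
FIXED_VERSION = "1.12"  # advisory threshold; adjust if your release backported the fix

_DIGITS = "0123456789"


def _isdig(ch: Optional[str]) -> bool:
    return ch is not None and ch in _DIGITS


def _order(ch: Optional[str]) -> int:
    """dpkg character weight: '~' < end-of-string = digit < letters < other punctuation."""
    if ch is None or _isdig(ch):
        return 0
    if ch.isalpha():
        return ord(ch)
    if ch == "~":
        return -1
    return ord(ch) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare one version component (upstream or revision) the way dpkg does."""
    i = j = 0

    def at(s: str, k: int) -> Optional[str]:
        return s[k] if k < len(s) else None

    while i < len(a) or j < len(b):
        first_diff = 0
        # non-digit runs are compared character by character with the weights above
        while (at(a, i) is not None and not _isdig(at(a, i))) or (at(b, j) is not None and not _isdig(at(b, j))):
            ac, bc = _order(at(a, i)), _order(at(b, j))
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # digit runs are compared numerically: strip leading zeros, then longest run wins
        while at(a, i) == "0":
            i += 1
        while at(b, j) == "0":
            j += 1
        while _isdig(at(a, i)) and _isdig(at(b, j)):
            if first_diff == 0:
                first_diff = int(a[i]) - int(b[j])
            i += 1
            j += 1
        if _isdig(at(a, i)):
            return 1
        if _isdig(at(b, j)):
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str) -> Tuple[int, str, str]:
    """Split 'epoch:upstream-revision' into its three parts (epoch 0 and empty revision by default)."""
    epoch, rest = 0, version
    if ":" in rest:
        e, rest = rest.split(":", 1)
        epoch = int(e)
    upstream, revision = rest, ""
    if "-" in rest:
        upstream, revision = rest.rsplit("-", 1)
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Negative if a < b, zero if equal, positive if a > b, per dpkg ordering."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    c = _verrevcmp(ua, ub)
    return c if c else _verrevcmp(ra, rb)


def is_fixed(installed: str, fixed: str = FIXED_VERSION) -> bool:
    return compare_versions(installed, fixed) >= 0


def installed_version(package: str = PACKAGE) -> Optional[str]:
    """Ask dpkg on this host; None if the package is absent (daemon not installed means not affected)."""
    try:
        out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", package],
                             capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    v = installed_version()
    print("not installed" if v is None else f"{PACKAGE} {v}: {'fixed' if is_fixed(v) else 'VULNERABLE'}")
```

On a single host the equivalent one-liner is dpkg --compare-versions "$(dpkg-query -W -f='${Version}' ubuntu-advantage-desktop-daemon)" ge 1.12; the reimplementation is for checking exported inventories where dpkg is not available.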

📡 Detection & Monitoring

Log Indicators:

  • Machines you do not recognise appearing in the attached-machine list of your Ubuntu Pro dashboard, or pro status on known hosts reporting an attachment nobody performed.
  • Unexpected attach activity in /var/log/ubuntu-advantage.log on affected desktops.

Network Indicators:

  • Contract-server and ESM traffic from hosts that should not hold a subscription.

SIEM Query:

Process-creation telemetry (auditd execve rules, or an EDR) for the attach helper spawned by ubuntu-advantage-desktop-daemon (ubuntu-advantage attach / pro attach) with a positional token argument identifies which hosts and time windows exposed a token. Note the side effect: such telemetry copies the plaintext token into the audit log, so restrict access to that log and redact it on export.

🔗 References

  • https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944