CVE-2023-5616 — Vulnetix

CVE-2023-5616 PUBLISHED CVSS 4.900000095367432 MEDIUM

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

EPSS 0.04% · 13.3th percentile

Risk Scores

CVSS 3.1

4.900000095367432

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

0.04%

13.3th percentile

Affected Products

Vendor	Product	Versions
canonical	ubuntu_linux	20.04, 22.04, 23.10
gnome	control_center	1.3, 1.41, 1.44
Canonical Ltd.	Ubuntu's gnome-control-center	1:45, 1:44, *

Exploit Intelligence

CIRCL seen: CVE-2023-5616 (circl-sighting)
CIRCL seen: CVE-2023-5616 (circl-sighting)
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577 (circl)
https://ubuntu.com/security/notices/USN-6554-1 (circl)
https://ubuntu.com/security/CVE-2023-5616 (circl)

Timeline

Jan 21, 1970 Distribution Patch
Jan 21, 1970 Security Advisory
Apr 15, 2025 CVE Published
Apr 15, 2025 PoC Published
Apr 15, 2025 PoC Published
Apr 16, 2025 EPSS Score
Apr 22, 2025 Coalition ESS Score
Apr 28, 2025 EPSS Score
May 11, 2025 EPSS Score
May 23, 2025 EPSS Score
Jun 5, 2025 EPSS Score
Jun 17, 2025 EPSS Score

References

https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577 issue
https://ubuntu.com/security/notices/USN-6554-1 vendor-advisory
https://ubuntu.com/security/CVE-2023-5616 issue
https://nvd.nist.gov/vuln/detail/CVE-2023-5616 advisory

Open in Interactive Console →