CVE-2022-40297
HIGHUBports Ubuntu Touch 16.04 - Improper Privilege Management via Sudo Passcode
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-40297. PoCs published by filipkarc.
AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2022-40297, demonstrating a privilege escalation vulnerability in Ubuntu Touch 16.04 where a 4-digit passcode can be brute-forced to gain root access via sudo.
Description
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated.
Exploits (1)
This repository contains a functional proof-of-concept exploit for CVE-2022-40297, demonstrating a privilege escalation vulnerability in Ubuntu Touch 16.04 where a 4-digit passcode can be brute-forced to gain root access via sudo.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H