PT-2022-15906 · Canonical+1 · Ubuntu+1
Matthias Gerstner · Published 2022-01-21 · Updated 2024-06-15 · CVE-2022-23220
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
USBView versions 2.1 through 2.1
Description
The issue allows local users, such as those logged in via SSH, to execute arbitrary code as root because certain Polkit settings, such as allow_any=yes, disable the authentication requirement for pkexec. This can be exploited, for example, using the --gtk-module option. The affected operating systems include Ubuntu, Debian, and Gentoo.
Recommendations
For USBView version 2.1, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of pkexec with vulnerable Polkit settings to minimize the risk of exploitation.
Exploit
Fix
Missing Authentication
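One way to check a host for the Polkit setting named in the description and workaround above (an added example, not code from this advisory or from the USBView project): it flags polkit actions that run a program through pkexec while an implicit authorization is set to yes. The sample policy and its org.example ids are constructed, and the script assumes policies are installed under /usr/share/polkit-1/actions.

```python
"""Audit polkit action files for pkexec actions that skip authentication."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

EXEC_PATH_KEY = "org.freedesktop.policykit.exec.path"  # marks a pkexec action
ACTIONS_DIR = Path("/usr/share/polkit-1/actions")  # assumed install location

# Constructed sample policy (not USBView's real file); ids and paths are placeholders.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.pkexec.sample-gui">
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/sample-gui</annotate>
  </action>
  <action id="org.example.pkexec.sample-admin">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/sample-admin</annotate>
  </action>
</policyconfig>"""

def audit_policy(xml_data):
    """Return (action id, program, settings set to 'yes') per risky pkexec action."""
    findings = []
    for action in ET.fromstring(xml_data).iter("action"):
        # Only actions carrying the exec.path annotation are launched via pkexec.
        program = next((a.text.strip() for a in action.findall("annotate")
                        if a.get("key") == EXEC_PATH_KEY and a.text), None)
        # 'yes' grants the action with no authentication prompt at all.
        open_settings = [d.tag for d in action.findall("defaults/*")
                         if (d.text or "").strip() == "yes"]
        if program and open_settings:
            findings.append((action.get("id"), program, open_settings))
    return findings

if __name__ == "__main__":
    for path in sorted(ACTIONS_DIR.glob("*.policy")):
        try:
            hits = audit_policy(path.read_bytes())
        except ET.ParseError as exc:
            print(f"{path}: unparseable ({exc})", file=sys.stderr)
            continue
        for action_id, program, settings in hits:
            print(f"{path}: {action_id} runs {program}; 'yes' for {settings}")
```

Any action it reports should be reviewed: either update the owning package or change the setting to one that requires authentication, such as auth_admin.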
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Ubuntu