Cyber Posture

CVE-2022-1736

Critical

Published: 31 January 2025

Modified: 26 August 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0054 (67.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.

Security Summary

CVE-2022-1736 is a vulnerability in Ubuntu's configuration of gnome-control-center that allowed Remote Desktop Sharing to be enabled by default. This issue affects Ubuntu systems using the gnome-control-center component, with related involvement from gnome-remote-desktop, as documented in the associated Launchpad bug report.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vector describes an issue that is exploitable remotely over the network by unauthenticated attackers, with low attack complexity and no user interaction. It rates the impact on confidentiality, integrity, and availability as high: because the sharing feature is enabled by default, an attacker can potentially gain unauthorized remote access to the desktop session.

Ubuntu security advisories provide mitigation details, including patches in USN-5430-1. Additional information on fixes and affected versions is available at https://ubuntu.com/security/CVE-2022-1736 and https://ubuntu.com/security/notices/USN-5430-1, along with the bug tracker at https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028.

Details

CWE(s)
NVD-CWE-noinfo

Affected Products

gnome / gnome-remote-desktop: 42.1.1, 42.1.1-1, 42.1.1-2
canonical / ubuntu linux: 18.04, 20.04, 22.04

References