GNOME Remote Desktop Vulnerability - 20240527004¶
Overview¶
The WA SOC has been made aware of vulnerability in GNOME Remote Desktop that can potentially expose sensitive information and allow unauthorized access to remote desktop sessions.
What is vulnerable?¶
| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated |
|---|---|---|---|---|---|
| CVE-2024-5148 | High | 8.8 | versions 46.0 & 46.1 | Inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users | 24-May-2024 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):
- https://securityonline.info/cve-2024-5148-gnome-remote-desktop-vulnerability-exposes-sensitive-information/
Additional References¶
- NA