CVE-2022-1736

Critical

Published: 31 January 2025

Published

31 January 2025

Modified

26 August 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0054 67.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-1736 is a critical-severity an unspecified weakness vulnerability in Gnome Gnome-Remote-Desktop. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 32.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

CM-6 Configuration Settings good match

prevent

Mandates secure configuration settings that disable unnecessary features like default-enabled Remote Desktop Sharing in gnome-control-center.

CM-7 Least Functionality good match

prevent

Restricts systems to least functionality required, preventing default enabling of remote desktop sharing that exposes systems to unauthorized access.

AC-17 Remote Access good match

prevent

Establishes and enforces usage restrictions and secure configurations for remote access, mitigating default-enabled Remote Desktop Sharing without authentication.

NVD Description

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.

Deeper analysisAI

CVE-2022-1736 is a vulnerability in Ubuntu's configuration of gnome-control-center that allowed Remote Desktop Sharing to be enabled by default. This issue affects Ubuntu systems using the gnome-control-center component, with related involvement from gnome-remote-desktop, as documented in the associated Launchpad bug report.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), enabling remote exploitation over the network by unauthenticated attackers with low attack complexity and no user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, potentially gaining unauthorized remote access to the desktop session due to the default-enabled sharing feature.

Ubuntu security advisories provide mitigation details, including patches in USN-5430-1. Additional information on fixes and affected versions is available at https://ubuntu.com/security/CVE-2022-1736 and https://ubuntu.com/security/notices/USN-5430-1, along with the bug tracker at https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028.

Details

CWE(s): NVD-CWE-noinfo

Affected Products

gnome

gnome-remote-desktop

42.1.1, 42.1.1-1, 42.1.1-2

canonical

ubuntu linux

18.04, 20.04, 22.04

CVEs Like This One

CVE-2025-33208Same product: Canonical Ubuntu Linux

CVE-2025-26466Same product: Canonical Ubuntu Linux

CVE-2026-5412Same vendor: Canonical

CVE-2025-0928Same vendor: Canonical

CVE-2026-34177Same vendor: Canonical

CVE-2025-53513Same vendor: Canonical

CVE-2025-14551Same vendor: Canonical

CVE-2023-0881Same vendor: Canonical

CVE-2026-4370Same vendor: Canonical

CVE-2026-34178Same vendor: Canonical

References

https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028
Issue Tracking · security@ubuntu.com
https://ubuntu.com/security/CVE-2022-1736
Vendor Advisory · security@ubuntu.com
https://ubuntu.com/security/notices/USN-5430-1
Vendor Advisory · security@ubuntu.com