Vulnerabilities > CVE-2022-45178 - Unspecified vulnerability in Liveboxcloud Vdesk

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

liveboxcloud

NVD

Published: 2023-04-14

Updated: 2024-11-21

Summary

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role.

Vulnerable Configurations

Part	Description	Count
Application	Liveboxcloud Liveboxcloud Vdesk -	1

References

https://www.gruppotim.it/it/footer/red-team.html
https://www.gruppotim.it/it/footer/red-team.html