CVE-2022-45171

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.gruppotim.it/it/footer/red-team.html	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:*

History

26 Jul 2024, 18:20

Type	Values Removed	Values Added
CWE		CWE-434
First Time		Liveboxcloud Liveboxcloud vdesk
CPE		cpe:2.3:a:liveboxcloud:vdesk::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~() https://www.gruppotim.it/it/footer/red-team.html -~~	() https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory

29 May 2024, 13:02

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en LIVEBOX Collaboration vDesk hasta v018. Se puede realizar una carga sin restricciones de un archivo con un tipo peligroso en la sección del sitio web de vShare. Un usuario remoto, autenticado en el producto, puede cargar arbitrariamente archivos potencialmente peligrosos sin restricciones.

28 May 2024, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-28 20:16

Updated : 2024-08-26 14:35

NVD link : CVE-2022-45171

Mitre link : CVE-2022-45171

CVE.ORG link : CVE-2022-45171

JSON object : View

Products Affected

liveboxcloud

vdesk

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2022-45171", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-28T20:16:12.573", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en LIVEBOX Collaboration vDesk hasta v018. Se puede realizar una carga sin restricciones de un archivo con un tipo peligroso en la secci\u00f3n del sitio web de vShare. Un usuario remoto, autenticado en el producto, puede cargar arbitrariamente archivos potencialmente peligrosos sin restricciones."}], "lastModified": "2024-08-26T14:35:00.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59F30C76-FDF5-4D2E-A3CE-33EAB97AB650", "versionEndIncluding": "018"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}