CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role.
References
Link Resource
https://www.gruppotim.it/it/footer/red-team.html Exploit Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.html Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:28

Type Values Removed Values Added
References () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory

Information

Published : 2023-04-14 14:15

Updated : 2024-11-21 07:28


NVD link : CVE-2022-45178

Mitre link : CVE-2022-45178

CVE.ORG link : CVE-2022-45178


JSON object : View

Products Affected

liveboxcloud

  • vdesk