Lucene search

MitreCVE-2022-45170

HistoryApr 14, 2023 - 2:15 p.m.

CVE-2022-45170

2023-04-1414:15:10

CWE-327

mitre

web.nvd.nist.gov

cve-2022-45170

livebox collaboration

vdesk

cryptographic issue

api

security vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

29.8%

JSON

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim’s account, is able to decipher a file without knowing the key set by the user.

Affected configurations

Nvd

Node

liveboxcloudvdeskRange≤018

VendorProductVersionCPE
liveboxcloudvdesk*cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
liveboxcloud	vdesk	*	cpe:2.3:a:liveboxcloud:vdesk::::::::

References

www.gruppotim.it/it/footer/red-team.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

29.8%

JSON

Related for CVE-2022-45170