exploitDog

CVE-2022-45170

Опубликовано: 14 апр. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user.

Ссылки

https://www.gruppotim.it/it/footer/red-team.html
Exploit
Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:*

Версия до 018 (включая)

EPSS

Процентиль: 13%

0.00043

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-327

CWE-327

Связанные уязвимости

GHSA-hx37-3fvj-x3vr

CVSS3: 6.5

github

почти 3 года назад

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user.

EPSS

Процентиль: 13%

0.00043

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-327

CWE-327