PT-2024-11690 · Unknown · Livebox Collaboration Vdesk

Mario Cola

Published

2024-05-28

Updated

2024-08-26

CVE-2022-45171

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LIVEBOX Collaboration vDesk versions through v018

Description An issue allows an Unrestricted Upload of a File with a Dangerous Type under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions.

Recommendations For LIVEBOX Collaboration vDesk versions through v018, restrict access to the vShare web site section to minimize the risk of exploitation. Consider implementing file type restrictions and validation to prevent the upload of dangerous files until a fix is available.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-45171

Affected Products

Livebox Collaboration Vdesk

PT-2024-11690 · Unknown · Livebox Collaboration Vdesk

CVE-2022-45171

Weakness Enumeration

Related Identifiers

Affected Products

References · 4