Vulnerability Details CVE-2022-45173
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the application into concluding that the TOTP was correct.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-45173
-
cpe:2.3:a:liveboxcloud:vdesk:-
-
cpe:2.3:a:liveboxcloud:vdesk:018