CVE-2022-45173

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to bypass two-factor authentication in LIVEBOX Collaboration vDesk by manipulating client-side verification of TOTP challenges. Attackers can modify API responses to trick the application into accepting invalid authentication codes. This affects all users of vDesk through version v018.

💻 Affected Systems

Products:
  • LIVEBOX Collaboration vDesk
Versions: through v018
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with the vulnerable API endpoint are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete account takeover leading to unauthorized access to collaboration systems, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Unauthorized access to user accounts, potential data theft, and privilege escalation within the vDesk platform.

🟢

If Mitigated

Limited impact if strong network segmentation, monitoring, and additional authentication layers are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to the API endpoint and ability to intercept/modify HTTP responses.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v019 or later

Vendor Advisory: https://www.gruppotim.it/it/footer/red-team.html

Restart Required: Yes

Instructions:

1. Contact LIVEBOX Collaboration support for patch v019 or later.
2. Backup current configuration.
3. Apply the update following vendor instructions.
4. Restart the vDesk service.
5. Verify the fix by testing 2FA functionality.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict access to the vulnerable API endpoint using firewall rules

iptables -A INPUT -p tcp --dport [vDesk-port] -s [trusted-networks] -j ACCEPT
iptables -A INPUT -p tcp --dport [vDesk-port] -j DROP

Web Application Firewall

all

Implement WAF rules to detect and block manipulation of /api/v1/vdeskintegration/challenge responses

🧯 If You Can't Patch

  • Implement network-level monitoring for suspicious API requests to the challenge endpoint
  • Enforce additional authentication factors beyond the vulnerable 2FA implementation

🔍 How to Verify

Check if Vulnerable:

Check whether the API endpoint /api/v1/vdeskintegration/challenge exists and returns client-verifiable TOTP responses

Check Version:

Check vDesk admin interface or contact vendor for version information

Verify Fix Applied:

Test 2FA functionality with invalid codes; they should be rejected server-side

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed 2FA attempts followed by successful login from same IP
  • Unusual API requests to /api/v1/vdeskintegration/challenge

Network Indicators:

  • Manipulated HTTP responses to challenge endpoint
  • Unusual traffic patterns to authentication APIs

SIEM Query:

source="vdesk-logs" AND (uri="/api/v1/vdeskintegration/challenge" OR event="2fa_bypass")
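
The first log indicator above (multiple failed 2FA attempts followed by a successful login from the same IP) can be checked offline with the sketch below. It is an added example, not vendor or vDesk code. The "timestamp ip uri event" line format and the event names 2fa_failed and login_success are assumptions, as are the sample lines, which are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

CHALLENGE_URI = "/api/v1/vdeskintegration/challenge"

# Constructed sample in an assumed "timestamp ip uri event" format; the real
# vDesk log layout and event names are not documented on this page.
SAMPLE_LOG = """\
2023-01-10T08:00:00 192.0.2.9 /api/v1/vdeskintegration/challenge 2fa_failed
2023-01-10T08:00:10 192.0.2.9 /api/v1/vdeskintegration/challenge 2fa_failed
2023-01-10T08:00:20 192.0.2.9 /api/v1/vdeskintegration/challenge 2fa_failed
2023-01-10T09:00:01 203.0.113.7 /api/v1/vdeskintegration/challenge 2fa_failed
2023-01-10T09:00:20 203.0.113.7 /api/v1/vdeskintegration/challenge 2fa_failed
2023-01-10T09:00:41 203.0.113.7 /api/v1/vdeskintegration/challenge 2fa_failed
2023-01-10T09:00:55 203.0.113.7 - login_success
2023-01-10T09:01:00 198.51.100.4 /api/v1/vdeskintegration/challenge 2fa_failed
2023-01-10T09:01:30 198.51.100.4 - login_success
2023-01-10T09:30:00 192.0.2.9 - login_success
"""


def suspicious_logins(log_text, min_failures=3, window=timedelta(minutes=5)):
    """Return (ip, success_time, failure_count) for each successful login that
    follows at least min_failures failed 2FA attempts from the same IP inside
    the window. Input lines must already be in time order."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failed attempts
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, ip, uri, event = line.split()
        ts = datetime.fromisoformat(ts_raw)
        recent = failures[ip]
        # Forget failures that are older than the correlation window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if uri == CHALLENGE_URI and event == "2fa_failed":
            recent.append(ts)
        elif event == "login_success":
            if len(recent) >= min_failures:
                hits.append((ip, ts.isoformat(), len(recent)))
            recent.clear()  # a success starts a fresh sequence for this IP
    return hits


if __name__ == "__main__":
    for hit in suspicious_logins(SAMPLE_LOG):
        print(hit)
```

Tune min_failures and window to the deployment's normal mistyped-code rate, and map the field names to whatever the vDesk logs actually record.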
