CVE-2023-39369

8.8 HIGH

📋 TL;DR

StarTrinity Softswitch version 2023-02-16 contains multiple reflected cross-site scripting (XSS) vulnerabilities that allow attackers to inject malicious scripts into web pages viewed by users. This affects organizations using this specific version of the VoIP softswitch software. Attackers can execute arbitrary JavaScript in the context of victim users' browsers.

💻 Affected Systems

Products:
  • StarTrinity Softswitch
Versions: 2023-02-16
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the specified version are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.

🟠 Likely Case

Session hijacking leading to unauthorized access to the softswitch administration interface, potentially allowing VoIP service disruption or toll fraud.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy headers in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires user interaction (clicking a malicious link) but is straightforward to exploit once identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later versions after 2023-02-16

Vendor Advisory: https://www.gov.il/en/Departments/faq/cve_advisories

Restart Required: Yes

Instructions:

1. Download the latest version from the StarTrinity website.
2. Back up the current installation.
3. Install the updated version.
4. Restart the softswitch service.

🔧 Temporary Workarounds

Web Application Firewall (WAF) (applies to: all)

Deploy a WAF with XSS protection rules to filter malicious input.

Content Security Policy (applies to: all)

Implement CSP headers to restrict script execution sources.

Add the header `Content-Security-Policy: script-src 'self'` to HTTP responses. This policy also blocks inline scripts, so if the softswitch web interface relies on inline script, trial it first with `Content-Security-Policy-Report-Only` to confirm nothing legitimate breaks.

🧯 If You Can't Patch

  • Isolate the softswitch management interface to internal network only
  • Implement strict input validation and output encoding in custom configurations

🔍 How to Verify

Check if Vulnerable:

Check if running StarTrinity Softswitch version 2023-02-16 via admin interface or installation directory.

Check Version:

Check web interface footer or installation directory readme files for version information.

Verify Fix Applied:

Verify version is updated to later than 2023-02-16 and test XSS payloads no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long parameter values in HTTP requests
  • Script tags or JavaScript in URL parameters

Network Indicators:

  • HTTP requests with encoded script payloads in query strings

SIEM Query:

web.url:*<script* OR web.url:*javascript:*

This query matches the literal strings only. Percent-encoded forms (for example %3Cscript) stay encoded in the logged URL, so either add the encoded variants to the query or decode the URL field before matching.
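The log indicators above, as an added example rather than anything from the advisory: a small scanner over access-log lines that flags script tags or javascript: URIs in query parameters (after undoing repeated percent-encoding, which the literal SIEM query would miss) and unusually long parameter values. The sample log lines and the 200-character length threshold are constructed assumptions for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Threshold for an "unusually long" parameter value (assumed for this example).
LONG_VALUE = 200

# Indicators checked after decoding: a script tag opener or a javascript: URI.
SCRIPT_PATTERNS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

# Request field of a Common Log Format line: "METHOD PATH PROTOCOL".
LOG_RE = re.compile(r'"(?:GET|POST|HEAD|PUT)\s+(\S+)\s+HTTP/[\d.]+"')


def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <), up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze_request_path(path):
    """Return indicator names found in the query parameters of one request path."""
    hits = []
    for name, raw in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        value = decode_fully(raw)  # parse_qsl already decoded one layer
        if len(value) > LONG_VALUE:
            hits.append(f"long_param:{name}")
        if SCRIPT_PATTERNS.search(value):
            hits.append(f"script_in_param:{name}")
    return hits


def scan_log_lines(lines):
    """Return [(line_number, indicators)] for every log line that trips an indicator."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m:
            hits = analyze_request_path(m.group(1))
            if hits:
                findings.append((n, hits))
    return findings


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/calls?page=2 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/search?q=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 900',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /admin/search?q=%253Cscript%253E HTTP/1.1" 200 880',
    '10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /login?next=javascript%3Ax HTTP/1.1" 302 0',
    '10.0.0.8 - - [01/Jan/2024:10:00:04 +0000] "GET /admin/search?q=' + "A" * 300 + ' HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for n, hits in scan_log_lines(SAMPLE_LOG):
        print(n, hits)
```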
