CVE-2023-39371 – StarTrinity Softswitch version 2023-02-16 conta... (How to Fix)

Q: What is the severity of CVE-2023-39371?

CVE-2023-39371 has a CVSS score of 8.8 (HIGH). StarTrinity Softswitch version 2023-02-16 contains an open redirect vulnerability (CWE-601) that allows attackers to redirect users to malicious websites. This affects organizations using this specific version of the VoIP softswitch software. Attackers can exploit this to conduct phishing attacks or redirect users to malware.

📋 TL;DR

StarTrinity Softswitch version 2023-02-16 contains an open redirect vulnerability (CWE-601) that allows attackers to redirect users to malicious websites. This affects organizations using this specific version of the VoIP softswitch software. Attackers can exploit this to conduct phishing attacks or redirect users to malware.

💻 Affected Systems

Products:

StarTrinity Softswitch

Versions: 2023-02-16

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific 2023-02-16 version. Other versions may be unaffected.

📦 What is this software?

Softswitch by Startrinity

View all CVEs affecting Softswitch →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Users redirected to sophisticated phishing sites that steal credentials or install malware, leading to full system compromise and data exfiltration.

🟠

Likely Case

Users redirected to phishing pages attempting to steal login credentials or personal information.

🟢

If Mitigated

Limited impact with proper user awareness training and browser security controls in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Open redirect vulnerabilities typically require minimal technical skill to exploit once the vulnerable endpoint is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.gov.il/en/Departments/faq/cve_advisories

Restart Required: No

Instructions:

1. Check vendor advisory for patch availability. 2. If patch exists, download and apply according to vendor instructions. 3. Verify the fix by testing redirect functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side validation to reject or sanitize URLs in redirect parameters

Implement URL validation in application code to only allow relative paths or approved domains

Web Application Firewall Rule

all

Block requests containing suspicious redirect parameters

Configure WAF to block requests with external URLs in redirect parameters

🧯 If You Can't Patch

Implement network segmentation to isolate the softswitch from critical systems
Deploy web application firewall with rules to detect and block open redirect attempts

🔍 How to Verify

Check if Vulnerable:

Test redirect functionality by attempting to redirect to external domains using crafted URLs

Check Version:

Check software version in administration interface or configuration files

Verify Fix Applied:

Verify that redirects only work for relative paths or approved domains

📡 Detection & Monitoring

Log Indicators:

HTTP requests with external URLs in redirect parameters
Unusual redirect patterns in access logs

Network Indicators:

HTTP 302/301 redirects to suspicious external domains
Unusual traffic patterns following redirects

SIEM Query:

source="softswitch" AND (url="*redirect=*http://*" OR url="*redirect=*https://*")

📊 Metadata

CVE ID: CVE-2023-39371

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H

CWE: CWE-601

Published: September 3, 2023

Last Updated: November 21, 2024

🔗 References

https://www.gov.il/en/Departments/faq/cve_advisories Third Party Advisory
https://www.gov.il/en/Departments/faq/cve_advisories Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-39371, you might also want to check these: