Security Disclosure of Vulnerabilities: CVE-2023-40519
A cross-site scripting (XSS) vulnerability in the Broadpeak Centralized Accounts Management Auth Agent across several versions.
Summary of CVE-2023-40519 Vulnerability Details
- CVE: CVE-2023-40519
- Affected Versions: Broadpeak Centralized Accounts Management Auth Agent
  - 01.01.01.30097902_fd999e76
  - 00.12.01.9565588_1254b459
  - 01.01.00.19219575_ee9195b0
- How to Patch: Upgrade Auth Agent to the latest version
Description of CVE-2023-40519
Broadpeak is a company that specializes in providing content delivery network (CDN) technologies and video streaming solutions. Their products are designed to help content providers, service operators, and enterprises to deliver and monetize video content across a variety of networks and devices. They offer a wide range of solutions designed to improve video quality of service (QoS) and quality of experience (QoE), while also optimizing network resources.
Their products vary between CDN solutions for efficient video delivery, specialized video servers for scalable streaming, and multiscreen solutions for diverse devices. Broadpeak also offers ad insertion technologies, analytics tools for performance monitoring, cloud DVR for on-demand TV, network optimization software, and security solutions to ensure safe content streaming.
While conducting a penetration test on a client company specializing in IPTV that utilizes Broadpeak products, a Cross-Site Scripting (XSS) vulnerability was discovered in the Broadpeak Centralized Accounts Management Auth Agent. This is a managerial platform used for several Broadpeak products, like BKS400, BKM400... The affected vector resides in the /bpk-common/auth/login URI, specifically in the disconnectMessage parameter of the login file. This leads to a reflected XSS vulnerability that could be exploited to steal administrator credentials or run malicious payloads, particularly when combined with social engineering tactics. This vulnerability was validated on several product types and versions of the auth agent mentioned in the summary. MITRE was contacted and this CVE ID was assigned to this vulnerability.
/bpk-common/auth/login?url=productName=BkS400&disconnectMessage=<script>alert(%27XSS%20POC%27)</script>
Important: The vendor was notified of this vulnerability and has issued patches in upcoming updates. A variety of companies using Broadpeak products are affected by CVE-2023-40519. It is strongly recommended that platforms be updated to the latest version to mitigate this security risk.
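To review whether requests of this shape have reached a deployment, the following added example (not part of the original disclosure and not Broadpeak code) scans web access logs for login requests whose disconnectMessage value decodes to markup. It assumes combined-format access logs; the sample log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

LOGIN_PATH = "/bpk-common/auth/login"  # endpoint named in the disclosure
PARAM = "disconnectMessage"            # reflected parameter named in the disclosure

# Assumption: combined-format access log; this pulls the request target out.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup a plain-text logout message should never contain.
MARKUP_RE = re.compile(r"[<>]|javascript:|\bon\w+\s*=", re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /bpk-common/auth/login?disconnectMessage=Session%20expired HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /bpk-common/auth/login?url=productName=BkS400&disconnectMessage=%3Cscript%3Ealert(%27XSS%20POC%27)%3C/script%3E HTTP/1.1" 200 530',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /bpk-common/auth/login?disconnectMessage=%253Cb%253Ehi%253C%252Fb%253E HTTP/1.1" 200 528',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /other/page?disconnectMessage=%3Cb%3E HTTP/1.1" 404 0',
]


def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for flagged login requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path.rstrip("/") != LOGIN_PATH:
            continue
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == PARAM and MARKUP_RE.search(decode_fully(value)):
                hits.append((number, decode_fully(value)))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```

A hit shows only that such a request was received; whether the response reflected the value unescaped depends on the Auth Agent version that served it.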
Thanks,
Ali Mustafa
Email: adx@live.com