Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
The affected API returns responses with the Content-Type header set to text/html instead of the correct application/json. The browser or HTTP client interprets the response content as HTML, which opens the possibility of embedding and executing malicious HTML or JavaScript code in the context of that response. The error is classified as CWE-754 (Improper Check for Unusual or Exceptional Conditions), which means a lack of proper verification and sanitization of API output data.
An attacker can potentially inject and execute malicious HTML/JavaScript code in the victim's browser (XSS), which may lead to session hijacking, credential theft, or execution of unauthorized actions on behalf of the user. The full CVSS 10.0 vector indicates a possible critical impact on confidentiality, integrity, and availability of both the target system and related systems.
Apply patches available from the manufacturer in accordance with references published at https://azure-access.com/security-advisories. Until the update is applied, it is recommended to restrict access to affected APIs only to trusted networks and monitor network traffic for suspicious responses.
Azure-Access BLU-IC2 in versions up to and including 1.19.5 and Azure-Access BLU-IC4 in versions up to and including 1.19.5 (along with corresponding firmware versions).
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAzure Access Blu Ic2
HWAzure-Accesswszystkie wersjeAzure Access Blu Ic2 Firmware
OSAzure-Access< 1.20Azure Access Blu Ic4
HWAzure-Accesswszystkie wersjeAzure Access Blu Ic4 Firmware
OSAzure-Access< 1.20
Related vulnerabilities
Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4
Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4
Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4
Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4
Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4