Published: 27/10/2023 Updated: 29/01/2024

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

An issue exists in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cassianetworks access controller 2.1.1.2303271039

Repository contains description for CVE-2023-35794 discovered by Dodge Industrial Team for Dodge OPTIFY platfrom.

CVE-2023-35794-WebSSH-Hijacking Repository contains description for CVE-2023-35794 discovered by Dodge Industrial Team for Dodge OPTIFY platfrom CVE ID: CVE-2023-35794 Vendor: Cassia Networks Product: Access Controller Version: Cassia-AC-2112303271039 Vulnerability: Incorrect Access Control Affected: web ssh, gateways Decription: WebSSH session can be hijacked Status: Con

CWE-287 https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking https://www.cassianetworks.com/products/iot-access-controller/https://blog.kscsc.online/cves/202335794/md.html https://nvd.nist.gov https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-35794

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect