CVE-2023-35794
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Oct 27, 2023
Updated: Jan 29, 2024
CWE ID 287
Summary
CVE-2023-35794 is a vulnerability affecting Cassia Access Controller version 2.1.1.2303271039. This issue allows unauthenticated access to the Web SSH terminal endpoint, which can be exploited through Basic Authentication with no session cookie validation in place. Attackers can potentially gain unauthorized access to the system and execute commands, posing a significant risk to network security. Organizations using this version of Cassia Access Controller are urged to update to a patched version as soon as possible to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Cassia Networks Access Controller
Affected Vendors
- Cassia Networks