28 matches found
CVE-2023-35794
CVE-2023-35794 affects Cassia Access Controller 2.1.1.2303271039. The issue is unprotected access to the Web SSH terminal endpoint (spawned console) due to lack of session cookie validation; only Basic Authentication to the SSH console is used. This allows unauthenticated access to the console, e...
CVE-2023-35794
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...
PT-2023-25318 · Cassia · Cassia Access Controller
Name of the Vulnerable Software and Affected Versions: Cassia Access Controller version 2.1.1.2303271039
Description: An issue was discovered in the Cassia Access Controller where the Web SSH terminal endpoint, also known as the spawned console, can be accessed without proper authentication. The...
CVE-2023-35793
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross-Site Request Forgery (CSRF) attacks...
Cross-site request forgery (CSRF)
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross-Site Request Forgery (CSRF) attacks...
CVE-2023-35793
Cassia Networks Cassia Access Controller 2.1.1.2303271039 exposes a CSRF vulnerability in the Web SSH session to gateways. Root cause appears related to insufficient authentication of executed requests, enabling CSRF when establishing a web SSH session. Affected component: Web SSH/session establi...
CVE-2020-12878
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...