28 matches found

CVE
added 2023/10/27 12:0 a.m. · 62 views

CVE-2023-35794

CVE-2023-35794 affects Cassia Access Controller 2.1.1.2303271039. The issue is unprotected access to the Web SSH terminal endpoint (spawned console) due to lack of session cookie validation; only Basic Authentication to the SSH console is used. This allows unauthenticated access to the console, e...

8.8 CVSS · 8.6 AI score · 0.00942 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/10/27 12:0 a.m. · 27 views

CVE-2023-35794

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...

8.9 AI score · 0.00942 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/10/23 12:0 a.m. · 6 views

PT-2023-25318 · Cassia · Cassia Access Controller

Name of the Vulnerable Software and Affected Versions: Cassia Access Controller version 2.1.1.2303271039
Description: An issue was discovered in the Cassia Access Controller where the Web SSH terminal endpoint, also known as the spawned console, can be accessed without proper authentication. The...

8.8 CVSS · 8.6 AI score · 0.00942 EPSS
Exploits: 1 · References: 7
OSV
added 2023/09/27 3:18 p.m. · 10 views

CVE-2023-35793

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks...

8.8 CVSS · 5.8 AI score · 0.00888 EPSS
Exploits: 1 · References: 3
Prion
added 2023/09/27 3:18 p.m. · 16 views

Cross site request forgery (csrf)

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks...

6.8 CVSS · 8.7 AI score · 0.00888 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2023/09/26 12:0 a.m. · 46 views

CVE-2023-35793

Cassia Networks Cassia Access Controller 2.1.1.2303271039 exposes a CSRF vulnerability in the Web SSH session to gateways. Root cause appears related to insufficient authentication of executed requests, enabling CSRF when establishing a web SSH session. Affected component: Web SSH/session establi...

8.8 CVSS · 8.7 AI score · 0.00888 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/09/26 12:0 a.m. · 21 views

CVE-2023-35793

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks...

9 AI score · 0.00888 EPSS
Exploits: 1 · References: 3
OSV
added 2021/02/18 12:15 a.m. · 3 views

CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...

7.8 CVSS · 7.2 AI score · 0.00505 EPSS
Exploits: 1 · References: 3