Lucene search
+L
CassianetworksAccess Controller

4 matches found

CVE
CVE
added 2023/10/27 12:0 a.m.65 views

CVE-2023-35794

CVE-2023-35794 affects Cassia Access Controller 2.1.1.2303271039. The issue is unprotected access to the Web SSH terminal endpoint (spawned console) due to lack of session cookie validation; only Basic Authentication to the SSH console is used. This allows unauthenticated access to the console, e...

8.8CVSS8.6AI score0.00942EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.64 views

CVE-2021-22685

The CVE-2021-22685 issue is a path-traversal vulnerability in Cassia Networks Access Controller prior to version 2.0.1. The flaw allows an attacker to use the minify route with a relative path to view arbitrary server files, potentially exposing sensitive data. Affected product: Cassia Networks A...

7.5CVSS6.7AI score0.00588EPSS
CVE
CVE
added 2023/09/26 12:0 a.m.48 views

CVE-2023-35793

Cassia Networks Cassia Access Controller 2.1.1.2303271039 exposes a CSRF vulnerability in the Web SSH session to gateways. Root cause appears related to insufficient authentication of executed requests, enabling CSRF when establishing a web SSH session. Affected component: Web SSH/session establi...

8.8CVSS8.7AI score0.00888EPSS
CVE
CVE
added 2023/05/11 12:0 a.m.46 views

CVE-2023-31445

CVE-2023-31445 affects Cassia Access Controller prior to 2.1.1.2203171453. The issue is an unprivileged information-disclosure vulnerability enabling read-only users to enumerate all users and obtain emails, phone numbers, and privileges. The affected version is prior to 2.1.1.2203171453; remedia...

5.3CVSS5.3AI score0.01155EPSS