CVE-2023-35794

HIGH

Cassia Access Controller 2.1.1.2303271039 - Unauthenticated Web SSH Terminal Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-35794. PoCs published by Dodge-MPTC.

AI-analyzed exploit summary: This repository provides a detailed writeup of CVE-2023-35794, an incorrect access control vulnerability in Cassia Networks Access Controller. It describes how WebSSH sessions can be hijacked without authentication, leveraging default credentials and potentially chaining with CVE-2023-35793 for CSRF exploitation.

Description

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.

Exploits (1)

nomisec WRITEUP 3 stars
by Dodge-MPTC · poc
https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Cassia Networks Access Controller (Cassia-AC-2.1.1.2303271039)
No auth needed
Prerequisites: Knowledge of target MAC address · Default or known SSH credentials · Active WebSSH session (potentially via CVE-2023-35793)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.8
EPSS: 0.0094
EPSS Percentile: 56.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-287
Status: published
Products (1): cassianetworks/access_controller 2.1.1.2303271039
Published: Oct 27, 2023
Tracked Since: Feb 18, 2026