CVE-2023-35794
HIGH
Cassianetworks Access Controller - Authentication Bypass
Title source: ruleDescription
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.
Exploits (1)
nomisec
WRITEUP
3 stars
by Dodge-MPTC · poc
https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking
References (3)
Core References
Exploit, Third Party Advisory
https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking
Various Sources
https://blog.kscsc.online/cves/202335794/md.html
Scores
CVSS v3: 8.8
EPSS: 0.0031
EPSS Percentile: 54.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-287
Status: published
Products (1): cassianetworks/access_controller 2.1.1.2303271039
Published: Oct 27, 2023
Tracked Since: Feb 18, 2026