cve/CVE-2023-35794.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.

POC

Reference

No PoCs from references.

Github

https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking
https://github.com/nomi-sec/PoC-in-GitHub

817 B Raw Blame History

CVE-2023-35794

Description

POC

Reference

Github

817 B

Raw Blame History