CVE-2023-35794

{"id": "CVE-2023-35794", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-27T21:15:08.513", "references": [{"url": "https://blog.kscsc.online/cves/202335794/md.html", "source": "cve@mitre.org"}, {"url": "https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.cassianetworks.com/products/iot-access-controller/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Cassia Access Controller 2.1.1.2303271039. Se puede acceder al endpoint del terminal Web SSH (consola generada) sin autenticaci\u00f3n. Espec\u00edficamente, no existe una validaci\u00f3n de cookies de sesi\u00f3n en el Controlador de Acceso; en cambio, solo existe Autenticaci\u00f3n B\u00e1sica para la consola SSH."}], "lastModified": "2024-01-29T21:15:08.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cassianetworks:access_controller:2.1.1.2303271039:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD4C512A-48EB-43EB-9CAA-CE05673F71D5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}