CVE-2023-31445

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cassia Access controller versions prior to 2.1.1.2203171453

Description The issue allows read-only users to enumerate all other users and discover sensitive information, including e-mail addresses, phone numbers, and privileges of all other users.

Recommendations For versions prior to 2.1.1.2203171453, update to version 2.1.1.2203171453 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive user information until the update is applied.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2023-31445

Affected Products

Cassia Access Controller

CVE-2023-31445

Weakness Enumeration

Related Identifiers

Affected Products

References · 7