CVE-2023-35794

Name of the Vulnerable Software and Affected Versions Cassia Access Controller version 2.1.1.2303271039

Description An issue was discovered in the Cassia Access Controller where the Web SSH terminal endpoint, also known as the spawned console, can be accessed without proper authentication. The Access Controller lacks session cookie validation and instead relies solely on Basic Authentication to the SSH console.

Recommendations For Cassia Access Controller version 2.1.1.2303271039, consider disabling access to the Web SSH terminal endpoint until a patch is available that implements proper session cookie validation. Restrict access to the SSH console to minimize the risk of exploitation by only allowing authenticated and authorized users to access the console. At the moment, there is no information about a newer version that contains a fix for this vulnerability.