PT-2023-5722 · Unknown · Cassia Access Controller

Published 2023-09-26 · Updated 2024-01-29 · CVE-2023-35793

CVSS v2.0 · 10 · High

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cassia Access Controller version 2.1.1.2303271039

Description

The issue is related to insufficient authentication of executed requests in the Cassia Access Controller, which can allow a remote attacker to perform a Cross Site Request Forgery (CSRF) attack. This can be exploited when establishing a web SSH session to gateways.

Recommendations

For Cassia Access Controller version 2.1.1.2303271039, consider disabling the web SSH session establishment to gateways as a temporary workaround until a patch is available. Restrict access to the gateway configuration to minimize the risk of exploitation. Avoid using the web SSH session feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Weakness Enumeration

Related Identifiers

BDU:2023-06392
CVE-2023-35793

Affected Products

Cassia Access Controller