CVE-2023-35794

Summary

CVE-2023-35794 is a vulnerability affecting Cassia Access Controller version 2.1.1.2303271039. This issue allows unauthenticated access to the Web SSH terminal endpoint, which can be exploited through Basic Authentication with no session cookie validation in place. Attackers can potentially gain unauthorized access to the system and execute commands, posing a significant risk to network security. Organizations using this version of Cassia Access Controller are urged to update to a patched version as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.