CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31445
https://notcve.org/view.php?id=CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users. • https://github.com/Dodge-MPTC/CVE-2023-31445-Unprivileged-Information-Disclosure https://blog.kscsc.online/cves/202331445/md.html https://www.cassianetworks.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22685 – Cassia Networks Access Controller Path Traversal
https://notcve.org/view.php?id=CVE-2021-22685
An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1. Un atacante puede ser capaz de usar minify route con una ruta relativa para visualizar cualquier archivo en Cassia Networks Access Controller versiones anteriores a 2.0.1 • https://www.cassianetworks.com/support/knowledge-base https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •