CVE-2023-35794
https://notcve.org/view.php?id=CVE-2023-35794
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.
• https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking https://blog.kscsc.online/cves/202335794/md.html https://www.cassianetworks.com/products/iot-access-controller
• CWE-287: Improper Authentication
CVE-2023-35793
https://notcve.org/view.php?id=CVE-2023-35793
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross-Site Request Forgery (CSRF) attacks.
• https://github.com/Dodge-MPTC/CVE-2023-35793-CSRF-On-Web-SSH https://blog.kscsc.online/cves/202335793/md.html https://www.cassianetworks.com/products/iot-access-controller
• CWE-352: Cross-Site Request Forgery (CSRF)