Security Advisory

CVE-2023-35794

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-27 00:00:00

Last updated 2024-08-02 16:30:45

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.

← Browse all CVEs View on cve.org ↗