VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 27, 2023· Updated Aug 2, 2024

CVE-2023-35794

CVE-2023-35794

Description

Cassia Access Controller WebSSH endpoint lacks session cookie validation, allowing session hijacking without authentication except Basic Auth credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cassia Access Controller WebSSH endpoint lacks session cookie validation, allowing session hijacking without authentication except Basic Auth credentials.

Vulnerability

Cassia Access Controller version 2.1.1.2303271039 uses WebSSH2 to establish SSH sessions from the AC to gateways. The WebSSH endpoint at /ssh/host does not validate the session cookie. Instead, only Basic Authentication is required, allowing unauthorized users to hijack an existing WebSSH session [1][2].

Exploitation

An attacker with network access can hijack a WebSSH session by knowing the SSH username and password (often default credentials like cassia:cassia-). The session establishment is triggered via a GET request to /ap/remote/?ssh_port=, and the attacker can then access the console using Basic Auth without a valid session cookie [1][2].

Impact

Successful exploitation allows an attacker to gain unauthorized access to the gateway device via the hijacked SSH session, potentially leading to full control over the gateway and connected IoT devices [1][2].

Mitigation

The vendor confirmed the issue and fixed it in version 2.1.1.2308181707. Users should upgrade to the patched version immediately [1][2]. No workaround is mentioned in the available references.

References
  1. CVE-2023-35794 | KSCSC Blog
  2. GitHub - Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking: Repository contains description for CVE-2023-35794 discovered by Dodge Industrial Team for Dodge OPTIFY platfrom.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.