H3C Access Controller
by Microfocus
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-35794 | 0.00 | — | 0.00 | Oct 27, 2023 | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication… | |||
| CVE-2023-35793 | 0.00 | — | 0.00 | Sep 26, 2023 | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks. | |||
| CVE-2023-31445 | 0.00 | — | 0.03 | May 11, 2023 | Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users. | |||
| CVE-2021-22685 | 0.00 | — | 0.00 | Oct 14, 2022 | An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1. | |||
| CVE-2017-20040 | 0.00 | — | 0.00 | Jun 11, 2022 | A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. | |||
| CVE-2017-20039 | 0.00 | — | 0.00 | Jun 11, 2022 | A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. | |||
| CVE-2017-20038 | 0.00 | — | 0.00 | Jun 11, 2022 | A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched… | |||
| CVE-2017-20037 | 0.00 | — | 0.00 | Jun 11, 2022 | A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. | |||
| CVE-2012-3268 | 0.00 | — | 0.02 | Feb 1, 2013 | Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and… |
- CVE-2023-35794Oct 27, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication…
- CVE-2023-35793Sep 26, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks.
- CVE-2023-31445May 11, 2023risk 0.00cvss —epss 0.03
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users.
- CVE-2021-22685Oct 14, 2022risk 0.00cvss —epss 0.00
An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1.
- CVE-2017-20040Jun 11, 2022risk 0.00cvss —epss 0.00
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement.
- CVE-2017-20039Jun 11, 2022risk 0.00cvss —epss 0.00
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely.
- CVE-2017-20038Jun 11, 2022risk 0.00cvss —epss 0.00
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched…
- CVE-2017-20037Jun 11, 2022risk 0.00cvss —epss 0.00
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely.
- CVE-2012-3268Feb 1, 2013risk 0.00cvss —epss 0.02
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and…