CVE-2023-35793

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in Cassia Access Controller allows attackers to trick authenticated users into performing unauthorized web SSH actions to gateways. It affects organizations using Cassia Access Controller 2.1.1.2303271039 for IoT device management.

💻 Affected Systems

Products:
  • Cassia Access Controller
Versions: 2.1.1.2303271039
Operating Systems: Not specified
Default Config Vulnerable: ⚠️ Yes
Notes: Requires web SSH functionality to be enabled and accessible to authenticated users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could establish unauthorized SSH connections to gateways, potentially gaining control over IoT devices, intercepting data, or launching further attacks within the network.

🟠 Likely Case

Attackers could perform unauthorized SSH operations on gateways, potentially modifying configurations, accessing device data, or disrupting IoT device communications.

🟢 If Mitigated

With proper CSRF protections and network segmentation, impact is limited to isolated gateway management functions without broader network compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated user into visiting a malicious webpage while logged into the Access Controller.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not found in provided references

Restart Required: No

Instructions:

No official patch available. Check Cassia Networks website for security updates or contact vendor support.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add CSRF protection tokens to web SSH session requests. Requires application code modification.

Disable Web SSH (applies to: all)

Disable web SSH functionality if not required. Configuration dependent; check Cassia documentation.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Access Controller from critical systems
  • Use browser extensions that block CSRF attacks and educate users about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check if running Cassia Access Controller version 2.1.1.2303271039 with web SSH enabled

Check Version:

Check web interface or system configuration for version information

Verify Fix Applied:

Test web SSH functionality with CSRF testing tools like Burp Suite or OWASP ZAP

📡 Detection & Monitoring

Log Indicators:

  • Unexpected SSH session establishments
  • Multiple failed authentication attempts from same source

Network Indicators:

  • Unusual SSH traffic patterns from web interface
  • Cross-origin requests to web SSH endpoints

SIEM Query:

source="cassia_access_controller" AND (event="ssh_session" OR event="web_ssh") AND user!=expected_user
