CVE-2021-22685

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2021-22685
An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cassianetworks.com/support/knowledge-base/ Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-02 Third Party Advisory US Government Resource
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:cassianetworks:access_controller:*:*:*:*:*:*:*:*
Information

Published : 2022-10-14 10:15

Updated : 2022-10-14 19:26

NVD link : CVE-2021-22685

Mitre link : CVE-2021-22685

JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa
Products Affected

cassianetworks

  • access_controller