Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2023-31445

Description

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users.

POC

Reference

- https://blog.kscsc.online/cves/202331445/md.html

- https://github.com/Dodge-MPTC/CVE-2023-31445-Unprivileged-Information-Disclosure

- https://www.swiruhack.online/cves/202331445/md.html

Github

- https://github.com/Dodge-MPTC/CVE-2023-31445-Unprivileged-Information-Disclosure

- https://github.com/nomi-sec/PoC-in-GitHub