SA40793 - CSRF vulnerability in Pulse Connect Secure / Pulse Policy Secure (CVE-2017-11455)

Product Affected
Problem
A vulnerability in diag.cgi may allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.

PSIRT is not aware of any malicious exploitation of this vulnerability.

This issue has been assigned CVE-2017-11455.
Solution
The following software releases have been updated to resolve this specific issue: PCS 8.3R1, 8.2R6, 8.1R12, 8.0R17 and PPS 5.4R1, 5.3R6, 5.2R9, 5.1R12.
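As an added example (not Pulse Secure's code), the following Python script checks an appliance inventory against the fixed releases listed above. The host names and inventory are constructed, and the version format `<major>.<minor>R<release>[.<patch>]` is an assumption; branches the advisory does not name are reported as "unlisted" rather than guessed.

```python
import re

# First fixed release per branch, copied from the Solution text above:
# (major, minor) -> lowest R number that contains the fix.
FIXED = {
    "PCS": {(8, 3): 1, (8, 2): 6, (8, 1): 12, (8, 0): 17},
    "PPS": {(5, 4): 1, (5, 3): 6, (5, 2): 9, (5, 1): 12},
}

# Assumed version format: <major>.<minor>R<release>[.<patch>], e.g. "8.2R5.1".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Split a version string into (major, minor, release, patch) integers."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, rel, patch = m.groups()
    return int(major), int(minor), int(rel), int(patch or 0)


def status(product, version):
    """Return 'fixed', 'needs-upgrade' or 'unlisted' for CVE-2017-11455."""
    table = FIXED[product.upper()]
    major, minor, rel, _patch = parse_version(version)
    first_fixed = table.get((major, minor))
    if first_fixed is None:
        # Branch not named in the advisory: flag for manual review, do not guess.
        return "unlisted"
    return "fixed" if rel >= first_fixed else "needs-upgrade"


def triage(inventory):
    """Map each host in (host, product, version) tuples to its status."""
    return {host: status(product, version) for host, product, version in inventory}


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("vpn-a", "PCS", "8.2R5.1"),
    ("vpn-b", "PCS", "8.2R6"),
    ("vpn-c", "PCS", "8.1R12.1"),
    ("nac-a", "PPS", "5.3R4"),
    ("vpn-d", "PCS", "9.0R1"),
]

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```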
Workaround
Implementation
Related Links
CVSS Score
4.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
Risk Assessment
Acknowledgements
This vulnerability was discovered and responsibly reported to Pulse Secure by David Dworken.
Alert Type
SA - Security Advisory
Risk Level
Medium