Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.811738
Category:Web application abuses
Title:Pulse Connect Secure CSRF Vulnerability (SA40793)
Summary:Pulse Connect Secure is prone to a cross-site request forgery; (CSRF) vulnerability.
Description:Summary:
Pulse Connect Secure is prone to a cross-site request forgery
(CSRF) vulnerability.

Vulnerability Insight:
The flaw exists due to improper input validation in 'diag.cgi'
script.

Vulnerability Impact:
Successful exploitation will allow remote attackers to hijack the
authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF
tokens. A remote user can create a specially crafted HTML page or URL that, when loaded by the
target authenticated user, will trigger a flaw in 'diag.cgi' and take actions on the target
interface acting as the target user.

Affected Software/OS:
Pulse Connect Secure 8.3x prior to 8.3R1, 8.2x prior to 8.2R6,
8.1x prior to 8.1R12 and 8.0x prior to 8.0R17.

Solution:
Update Pulse Connect Secure to version 8.3R1, 8.2R6, 8.1R12,
8.0R17 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 100530
Common Vulnerability Exposure (CVE) ID: CVE-2017-11455
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.