vulnerability
Pulse Secure Pulse Connect Secure: CVE-2017-11455: CSRF vulnerability in Pulse Connect Secure / Pulse Policy Secure (SA40793)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Aug 29, 2017 | Oct 28, 2020 | Feb 15, 2024 |
Description
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allows remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
Solution(s)
- pulse-secure-pulse-connect-secure-upgrade-8_0r17
- pulse-secure-pulse-connect-secure-upgrade-8_1r12
- pulse-secure-pulse-connect-secure-upgrade-8_2r6
- pulse-secure-pulse-connect-secure-upgrade-8_3r1
