CVE-2017-11455

EUVD-2017-3076
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
ivanticonnect_secure
8.1
pulsesecurepulse_connect_secure
8.1r1.0:r1.0
pulsesecurepulse_connect_secure
8.2r1.0:r1.0
pulsesecurepulse_connect_secure
8.2r1.1:r1.1
pulsesecurepulse_connect_secure
8.2r2.0:r2.0
pulsesecurepulse_connect_secure
8.2r3.0:r3.0
pulsesecurepulse_connect_secure
8.2r3.1:r3.1
pulsesecurepulse_connect_secure
8.2r4.0:r4.0
pulsesecurepulse_connect_secure
8.2r4.1:r4.1
pulsesecurepulse_connect_secure
8.2r5.0:r5.0
pulsesecurepulse_policy_secure
5.1r1.0:r1.0
pulsesecurepulse_policy_secure
5.1r1.1:r1.1
pulsesecurepulse_policy_secure
5.1r2.0:r2.0
pulsesecurepulse_policy_secure
5.1r2.1:r2.1
pulsesecurepulse_policy_secure
5.1r3.0:r3.0
pulsesecurepulse_policy_secure
5.1r3.2:r3.2
pulsesecurepulse_policy_secure
5.1r4.0:r4.0
pulsesecurepulse_policy_secure
5.1r5.0:r5.0
pulsesecurepulse_policy_secure
5.1r6.0:r6.0
pulsesecurepulse_policy_secure
5.1r7.0:r7.0
pulsesecurepulse_policy_secure
5.1r7.1:r7.1
pulsesecurepulse_policy_secure
5.1r8.0:r8.0
pulsesecurepulse_policy_secure
5.1r9.1:r9.1
pulsesecurepulse_policy_secure
5.1r10:r10
pulsesecurepulse_policy_secure
5.2r1.0:r1.0
pulsesecurepulse_policy_secure
5.2r2.0:r2.0
pulsesecurepulse_policy_secure
5.2r3.0:r3.0
pulsesecurepulse_policy_secure
5.2r3.2:r3.2
pulsesecurepulse_policy_secure
5.2r4.0:r4.0
pulsesecurepulse_policy_secure
5.2r5.0:r5.0
pulsesecurepulse_policy_secure
5.2r6.0:r6.0
pulsesecurepulse_policy_secure
5.2r7.0:r7.0
pulsesecurepulse_policy_secure
5.2r7.1:r7.1
pulsesecurepulse_policy_secure
5.2r8.0:r8.0
pulsesecurepulse_policy_secure
5.3r1.0:r1.0
pulsesecurepulse_policy_secure
5.3r1.1:r1.1
pulsesecurepulse_policy_secure
5.3r2.0:r2.0
pulsesecurepulse_policy_secure
5.3r3.0:r3.0
pulsesecurepulse_policy_secure
5.3r3.1:r3.1
pulsesecurepulse_policy_secure
5.3r4.0:r4.0
pulsesecurepulse_policy_secure
5.3r4.1:r4.1
pulsesecurepulse_policy_secure
5.3r5.0:r5.0
pulsesecurepulse_policy_secure
5.3r5.1:r5.1
pulsesecurepulse_policy_secure
5.3r5.2:r5.2
pulsesecurepulse_policy_secure
5.3r6.0:r6.0
pulsesecurepulse_policy_secure
5.3r7.0:r7.0
pulsesecurepulse_policy_secure
5.3r8.0:r8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/100530
http://www.securitytracker.com/id/1039242
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793
http://www.securityfocus.com/bid/100530
http://www.securitytracker.com/id/1039242
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793