Vulnerability Details CVE-2017-11193
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/99621
- http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf
- https://twitter.com/sxcurity/status/884556905145937921
- http://www.securityfocus.com/bid/99621
- http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf
- https://twitter.com/sxcurity/status/884556905145937921
Products affected by CVE-2017-11193
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.0