3 matches found
SA40793 - CSRF vulnerability in Pulse Connect Secure / Pulse Policy Secure (CVE-2017-11455)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability in diag.cgi may allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. PSIRT is no...
CVE-2017-11455
CVE-2017-11455 affects Pulse Connect Secure diag.cgi and Pulse Policy Secure diag.cgi, enabling remote attackers to hijack administrator authentication for requests to start tcpdump due to missing anti-CSRF tokens. Affected: Pulse Connect Secure versions 8.2R1–8.2R5 and 8.1R1–8.1R10; Pulse Policy...
CVE-2017-11455
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CS...