Vulnerability Details : CVE-2017-11193
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2017-11193
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-11193
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 54 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-11193
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2017-11193
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-11193
-
http://www.securityfocus.com/bid/99621
Pulse Connect Secure CVE-2017-11193 Cross-Site Request Forgery Vulnerability
-
http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf
Third Party Advisory
-
https://twitter.com/sxcurity/status/884556905145937921
Corben Leo on Twitter: "[New] Pulse Connect Secure (Enterprise-Level SSL VPN) - Multiple XSS & CSRF leading to Command Injection https://t.co/13sSu1Dl0w"Third Party Advisory
Jump to