CVE-2017-11193 Information

Description

Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel the diag.cgi file is responsible for running commands such as ping ping6 traceroute traceroute6 nslookup arp and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/99621 http://www.sxcurity.pro/Multiple20XSS20and20CSRF20in20Pulse20Connect20Secure20v8.3R1.pdf https://twitter.com/sxcurity/status/884556905145937921

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8