CVE-2017-11455: CSRF
First published: Tue Aug 29 2017(Updated: )
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pulse Secure Pulse Connect Secure | =8.1 | |
| Pulse Secure Pulse Connect Secure | =8.1r1.0 | |
| Pulse Secure Pulse Connect Secure | =8.2r1.0 | |
| Pulse Secure Pulse Connect Secure | =8.2r1.1 | |
| Pulse Secure Pulse Connect Secure | =8.2r2.0 | |
| Pulse Secure Pulse Connect Secure | =8.2r3.0 | |
| Pulse Secure Pulse Connect Secure | =8.2r3.1 | |
| Pulse Secure Pulse Connect Secure | =8.2r4.0 | |
| Pulse Secure Pulse Connect Secure | =8.2r4.1 | |
| Pulse Secure Pulse Connect Secure | =8.2r5.0 | |
| Pulse Policy Secure | =5.1r1.0 | |
| Pulse Policy Secure | =5.1r1.1 | |
| Pulse Policy Secure | =5.1r2.0 | |
| Pulse Policy Secure | =5.1r2.1 | |
| Pulse Policy Secure | =5.1r3.0 | |
| Pulse Policy Secure | =5.1r3.2 | |
| Pulse Policy Secure | =5.1r4.0 | |
| Pulse Policy Secure | =5.1r5.0 | |
| Pulse Policy Secure | =5.1r6.0 | |
| Pulse Policy Secure | =5.1r7.0 | |
| Pulse Policy Secure | =5.1r7.1 | |
| Pulse Policy Secure | =5.1r8.0 | |
| Pulse Policy Secure | =5.1r9.1 | |
| Pulse Policy Secure | =5.1r10 | |
| Pulse Policy Secure | =5.2r1.0 | |
| Pulse Policy Secure | =5.2r2.0 | |
| Pulse Policy Secure | =5.2r3.0 | |
| Pulse Policy Secure | =5.2r3.2 | |
| Pulse Policy Secure | =5.2r4.0 | |
| Pulse Policy Secure | =5.2r5.0 | |
| Pulse Policy Secure | =5.2r6.0 | |
| Pulse Policy Secure | =5.2r7.0 | |
| Pulse Policy Secure | =5.2r7.1 | |
| Pulse Policy Secure | =5.2r8.0 | |
| Pulse Policy Secure | =5.3r1.0 | |
| Pulse Policy Secure | =5.3r1.1 | |
| Pulse Policy Secure | =5.3r2.0 | |
| Pulse Policy Secure | =5.3r3.0 | |
| Pulse Policy Secure | =5.3r3.1 | |
| Pulse Policy Secure | =5.3r4.0 | |
| Pulse Policy Secure | =5.3r4.1 | |
| Pulse Policy Secure | =5.3r5.0 | |
| Pulse Policy Secure | =5.3r5.1 | |
| Pulse Policy Secure | =5.3r5.2 | |
| Pulse Policy Secure | =5.3r6.0 | |
| Pulse Policy Secure | =5.3r7.0 | |
| Pulse Policy Secure | =5.3r8.0 | |
| Ivanti Connect Secure (ICS) VPN | =8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11455?
CVE-2017-11455 has a medium severity rating due to its potential to allow remote attackers to hijack administrator authentication.
How do I fix CVE-2017-11455?
To fix CVE-2017-11455, update your Pulse Connect Secure or Pulse Policy Secure software to the latest version that addresses the vulnerability.
Which versions are affected by CVE-2017-11455?
CVE-2017-11455 affects Pulse Connect Secure versions 8.1R1 to 8.2R5 and Pulse Policy Secure versions 5.1R1 to 5.3R5.
What type of vulnerability is CVE-2017-11455?
CVE-2017-11455 is a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to hijack administrator sessions.
Is there a known workaround for CVE-2017-11455?
There is no specific workaround for CVE-2017-11455, making it essential to apply the necessary updates as soon as possible.
- agent/references
- agent/severity
- agent/type
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/pulsesecure
- canonical/pulse secure pulse connect secure
- version/pulse secure pulse connect secure/8.1
- version/pulse secure pulse connect secure/8.1r1.0
- version/pulse secure pulse connect secure/8.2r1.0
- version/pulse secure pulse connect secure/8.2r1.1
- version/pulse secure pulse connect secure/8.2r2.0
- version/pulse secure pulse connect secure/8.2r3.0
- version/pulse secure pulse connect secure/8.2r3.1
- version/pulse secure pulse connect secure/8.2r4.0
- version/pulse secure pulse connect secure/8.2r4.1
- version/pulse secure pulse connect secure/8.2r5.0
- canonical/pulse policy secure
- version/pulse policy secure/5.1r1.0
- version/pulse policy secure/5.1r1.1
- version/pulse policy secure/5.1r2.0
- version/pulse policy secure/5.1r2.1
- version/pulse policy secure/5.1r3.0
- version/pulse policy secure/5.1r3.2
- version/pulse policy secure/5.1r4.0
- version/pulse policy secure/5.1r5.0
- version/pulse policy secure/5.1r6.0
- version/pulse policy secure/5.1r7.0
- version/pulse policy secure/5.1r7.1
- version/pulse policy secure/5.1r8.0
- version/pulse policy secure/5.1r9.1
- version/pulse policy secure/5.1r10
- version/pulse policy secure/5.2r1.0
- version/pulse policy secure/5.2r2.0
- version/pulse policy secure/5.2r3.0
- version/pulse policy secure/5.2r3.2
- version/pulse policy secure/5.2r4.0
- version/pulse policy secure/5.2r5.0
- version/pulse policy secure/5.2r6.0
- version/pulse policy secure/5.2r7.0
- version/pulse policy secure/5.2r7.1
- version/pulse policy secure/5.2r8.0
- version/pulse policy secure/5.3r1.0
- version/pulse policy secure/5.3r1.1
- version/pulse policy secure/5.3r2.0
- version/pulse policy secure/5.3r3.0
- version/pulse policy secure/5.3r3.1
- version/pulse policy secure/5.3r4.0
- version/pulse policy secure/5.3r4.1
- version/pulse policy secure/5.3r5.0
- version/pulse policy secure/5.3r5.1
- version/pulse policy secure/5.3r5.2
- version/pulse policy secure/5.3r6.0
- version/pulse policy secure/5.3r7.0
- version/pulse policy secure/5.3r8.0
- vendor/ivanti
- canonical/ivanti connect secure (ics) vpn
- version/ivanti connect secure (ics) vpn/8.1