8.8
CVE-2017-11455
- EPSS 1.31%
- Veröffentlicht 29.08.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Connect Secure Version8.1
Pulsesecure ≫ Pulse Connect Secure Version8.1r1.0
Pulsesecure ≫ Pulse Connect Secure Version8.2r1.0
Pulsesecure ≫ Pulse Connect Secure Version8.2r1.1
Pulsesecure ≫ Pulse Connect Secure Version8.2r2.0
Pulsesecure ≫ Pulse Connect Secure Version8.2r3.0
Pulsesecure ≫ Pulse Connect Secure Version8.2r3.1
Pulsesecure ≫ Pulse Connect Secure Version8.2r4.0
Pulsesecure ≫ Pulse Connect Secure Version8.2r4.1
Pulsesecure ≫ Pulse Connect Secure Version8.2r5.0
Pulsesecure ≫ Pulse Policy Secure Version5.1r1.0
Pulsesecure ≫ Pulse Policy Secure Version5.1r1.1
Pulsesecure ≫ Pulse Policy Secure Version5.1r2.0
Pulsesecure ≫ Pulse Policy Secure Version5.1r2.1
Pulsesecure ≫ Pulse Policy Secure Version5.1r3.0
Pulsesecure ≫ Pulse Policy Secure Version5.1r3.2
Pulsesecure ≫ Pulse Policy Secure Version5.1r4.0
Pulsesecure ≫ Pulse Policy Secure Version5.1r5.0
Pulsesecure ≫ Pulse Policy Secure Version5.1r6.0
Pulsesecure ≫ Pulse Policy Secure Version5.1r7.0
Pulsesecure ≫ Pulse Policy Secure Version5.1r7.1
Pulsesecure ≫ Pulse Policy Secure Version5.1r8.0
Pulsesecure ≫ Pulse Policy Secure Version5.1r9.1
Pulsesecure ≫ Pulse Policy Secure Version5.1r10
Pulsesecure ≫ Pulse Policy Secure Version5.2r1.0
Pulsesecure ≫ Pulse Policy Secure Version5.2r2.0
Pulsesecure ≫ Pulse Policy Secure Version5.2r3.0
Pulsesecure ≫ Pulse Policy Secure Version5.2r3.2
Pulsesecure ≫ Pulse Policy Secure Version5.2r4.0
Pulsesecure ≫ Pulse Policy Secure Version5.2r5.0
Pulsesecure ≫ Pulse Policy Secure Version5.2r6.0
Pulsesecure ≫ Pulse Policy Secure Version5.2r7.0
Pulsesecure ≫ Pulse Policy Secure Version5.2r7.1
Pulsesecure ≫ Pulse Policy Secure Version5.2r8.0
Pulsesecure ≫ Pulse Policy Secure Version5.3r1.0
Pulsesecure ≫ Pulse Policy Secure Version5.3r1.1
Pulsesecure ≫ Pulse Policy Secure Version5.3r2.0
Pulsesecure ≫ Pulse Policy Secure Version5.3r3.0
Pulsesecure ≫ Pulse Policy Secure Version5.3r3.1
Pulsesecure ≫ Pulse Policy Secure Version5.3r4.0
Pulsesecure ≫ Pulse Policy Secure Version5.3r4.1
Pulsesecure ≫ Pulse Policy Secure Version5.3r5.0
Pulsesecure ≫ Pulse Policy Secure Version5.3r5.1
Pulsesecure ≫ Pulse Policy Secure Version5.3r5.2
Pulsesecure ≫ Pulse Policy Secure Version5.3r6.0
Pulsesecure ≫ Pulse Policy Secure Version5.3r7.0
Pulsesecure ≫ Pulse Policy Secure Version5.3r8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.31% | 0.668 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://www.securityfocus.com/bid/100530
http://www.securitytracker.com/id/1039242
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793