CVE-2017-11194
published 2017-07-12CVE-2017-11194: Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is…
PriorityP425medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
0.68%
47.8th percentile
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pulsesecure | pulse_connect_secure | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2017-11194
vendor_ivanti·2017-07-12·CVSS 6.1
CVE-2017-11194 [MEDIUM] CWE-79 Ivanti Security Advisory: CVE-2017-11194
Ivanti Security Advisory: CVE-2017-11194
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc.
CVE IDs: CVE-2017-11194
CVSS Base Score: 6.1
Severity: MEDIUM
CWEs: CWE-79
GHSA
GHSA-g3mr-rvr7-8j99: Pulse Connect Secure 8
ghsa_unreviewed·2022-05-17
CVE-2017-11194 [MEDIUM] CWE-79 GHSA-g3mr-rvr7-8j99: Pulse Connect Secure 8
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdfhttps://twitter.com/sxcurity/status/884556905145937921http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdfhttps://twitter.com/sxcurity/status/884556905145937921
2017-07-12
Published