CVE-2017-11196Cross-Site Request Forgery in Pulse Connect Secure

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 64.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pulsesecure Pulse Connect Secure
Timeline
PublishedJul 12
Latest updateMay 17

Description

Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hxjp-xfg3-mhwh: Pulse Connect Secure 82022-05-17
CVEList
CVE-2017-11196: Pulse Connect Secure 82017-07-12
CVE-2017-11196 — Cross-Site Request Forgery | cvebase