12 Juil 2017
CVE-2017-11193 - CVE Vulnerability
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page. (CVSS:0.0) (Last Update:2017-07-12)
Vulnerability Details : Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page. Publish Date : 2017-07-12 Last Update Date : 2017-07-12 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-11193
- References For CVE-2017-11193
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-11193There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |