CVE-2017-11196
HIGHPulse Connect Secure 8.3R1 - Cross-Site Request Forgery in Admin Logout Function
Title source: llmDescription
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://twitter.com/sxcurity/status/884556905145937921
Third Party Advisory x_refsource_misc
http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99613
Scores
CVSS v3
8.8
EPSS
0.0056
EPSS Percentile
42.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
pulsesecure/pulse_connect_secure
8.3r1.0
Published
Jul 12, 2017
Tracked Since
Feb 18, 2026