CVE-2017-11196

Name of the Vulnerable Software and Affected Versions Pulse Connect Secure version 8.3R1

Description The issue concerns the logout function of the admin panel, which is not protected by any CSRF tokens. This allows an attacker to logout a user by making them visit a malicious web page, exploiting the lack of protection in the logout.cgi endpoint.

Recommendations For Pulse Connect Secure version 8.3R1, consider implementing CSRF tokens to protect the logout function of the admin panel as a permanent fix. As a temporary workaround, restrict access to the logout.cgi endpoint to minimize the risk of exploitation.