PT-2017-12023 · Pulse · Pulse Connect Secure+1

Published: 2017-08-29 · Updated: 2024-02-27 · CVE-2017-11455

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Pulse Connect Secure versions 8.2R1 through 8.2R5
Pulse Connect Secure versions 8.1R1 through 8.1R10
Pulse Policy Secure versions 5.3R1 through 5.3R5
Pulse Policy Secure versions 5.2R1 through 5.2R8
Pulse Policy Secure versions 5.1R1 through 5.1R10
Description

The diag.cgi component does not require an anti-CSRF token on the request that starts tcpdump. A remote attacker who lures an authenticated administrator into loading a page under the attacker's control can therefore make the administrator's browser submit that request, with the administrator's session cookie attached, and start a packet capture on the appliance. Exploitation requires user interaction by an administrator (UI:R in the vector) but no credentials on the attacker's side.
Recommendations

For Pulse Connect Secure 8.2R1 through 8.2R5 and 8.1R1 through 8.1R10, and for Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8 and 5.1R1 through 5.1R10: restrict or disable access to the diag.cgi component (for example, by limiting the administrative interface to trusted networks) until a patched release is applied, and avoid browsing untrusted sites from a browser that holds an active admin session.
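The mechanism described above, as an added example that is not code from the original page or from Pulse Secure: a minimal model of a "start tcpdump" handler in its vulnerable form (any request that carries a valid session cookie is accepted) beside a hardened form that applies the synchronizer-token pattern and an Origin/Referer check. The path `/diag.cgi`, the cookie name `DSID`, the form fields `action` and `csrf_token`, and the hostnames are assumptions chosen for illustration, not the appliance's real interface.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlparse

# Assumed origin of the admin interface; everything else is a constructed model.
ADMIN_ORIGIN = "https://vpn.example.test"
ATTACKER_ORIGIN = "https://attacker.example.test"


@dataclass
class Request:
    method: str
    path: str
    cookies: Dict[str, str]
    form: Dict[str, str] = field(default_factory=dict)
    headers: Dict[str, str] = field(default_factory=dict)


# Server-side session store: cookie value -> session record.
SESSIONS: Dict[str, dict] = {}


def login_admin() -> str:
    """Create an authenticated admin session; return the cookie value the browser stores."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": "admin", "csrf_token": secrets.token_urlsafe(32), "tcpdump": False}
    return sid


def _session(req: Request) -> Optional[dict]:
    return SESSIONS.get(req.cookies.get("DSID", ""))  # DSID: assumed cookie name


def diag_cgi_vulnerable(req: Request) -> int:
    """Pre-fix behaviour: the session cookie is the only thing checked, so a form
    auto-submitted by an attacker's page rides on the administrator's cookie."""
    sess = _session(req)
    if sess is None:
        return 403
    if req.method == "POST" and req.form.get("action") == "start_tcpdump":
        sess["tcpdump"] = True
        return 200
    return 400


def diag_cgi_hardened(req: Request) -> int:
    """Fixed behaviour: per-session anti-CSRF token compared in constant time,
    plus a same-origin check on Origin (or Referer as a fallback)."""
    sess = _session(req)
    if sess is None:
        return 403
    if req.method != "POST":
        return 405
    origin = req.headers.get("Origin") or req.headers.get("Referer")
    if not origin:
        return 403  # cross-site auto-submits always carry an Origin; reject the unknown
    o = urlparse(origin)
    if f"{o.scheme}://{o.netloc}" != ADMIN_ORIGIN:
        return 403
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf_token"]):
        return 403
    if req.form.get("action") == "start_tcpdump":
        sess["tcpdump"] = True
        return 200
    return 400


def forged_request(sid: str) -> Request:
    """What the victim's browser sends after loading the attacker's page: the admin
    cookie is attached automatically, the Origin is the attacker's site, and the
    form carries no token because the attacker cannot read it cross-origin."""
    return Request("POST", "/diag.cgi", {"DSID": sid},
                   {"action": "start_tcpdump"}, {"Origin": ATTACKER_ORIGIN})


def legitimate_request(sid: str) -> Request:
    """A request issued from the real admin UI, which embeds the session's token."""
    return Request("POST", "/diag.cgi", {"DSID": sid},
                   {"action": "start_tcpdump", "csrf_token": SESSIONS[sid]["csrf_token"]},
                   {"Origin": ADMIN_ORIGIN})


def demo() -> Dict[str, int]:
    """Run the forged request against both handlers and a legitimate one against the fix."""
    results = {}
    sid = login_admin()
    results["forged_vs_vulnerable"] = diag_cgi_vulnerable(forged_request(sid))
    results["tcpdump_started_by_forgery"] = int(SESSIONS[sid]["tcpdump"])
    sid = login_admin()
    results["forged_vs_hardened"] = diag_cgi_hardened(forged_request(sid))
    results["tcpdump_started_after_fix"] = int(SESSIONS[sid]["tcpdump"])
    results["legit_vs_hardened"] = diag_cgi_hardened(legitimate_request(sid))
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The token check alone would close the hole; the Origin/Referer check is defence in depth for the case where a token leaks or a handler is added without one. A request that lacks both headers is rejected rather than allowed, because a legitimate same-site form post from a modern browser always sends Origin.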

Fix

Weakness Enumeration

CSRF

Related Identifiers

CVE-2017-11455

Affected Products

Pulse Connect Secure
Pulse Policy Secure