Cross-site request forgery in Pulse Connect and Policy Secure

Published: 2017-08-29

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2017-11455
CWE-ID	CWE-352
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Ivanti Policy Secure (formerly Pulse Policy Secure) Server applications / Remote access servers, VPN Ivanti Connect Secure (formerly Pulse Connect Secure) Server applications / Remote access servers, VPN
Vendor	Ivanti

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Cross-site request forgery

EUVDB-ID: #VU8032

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:U/U:Clear]

CVE-ID: CVE-2017-11455

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to perform CSRF attack.

The weakness exists due to improper input validation. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system, trigger a flaw in 'diag.cgi and perform arbitrary actions.

Mitigation

The vulnerability is addressed in the following versions: 8.3R1, 8.2R6, 8.1R12, 8.0R17 and 5.4R1, 5.3R6, 5.2R9, 5.1R12.

Vulnerable software versions

Ivanti Policy Secure (formerly Pulse Policy Secure): All versions

Ivanti Connect Secure (formerly Pulse Connect Secure): All versions

CPE2.3

External links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.