CVE-2017-11194 - OpenCVE

Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Pulsesecure	Pulse Connect Secure

Configuration 1 [-]

cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf	Third Party Advisory
https://twitter.com/sxcurity/status/884556905145937921	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-12T20:00:00

Updated: 2017-07-12T20:57:01

Reserved: 2017-07-12T00:00:00

Link: CVE-2017-11194

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-12T20:29:00.317

Modified: 2017-07-17T17:18:28.903

Link: CVE-2017-11194

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-12T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://twitter.com/sxcurity/status/884556905145937921"}, {"tags": ["x_refsource_MISC"], "url": "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11194", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://twitter.com/sxcurity/status/884556905145937921", "refsource": "MISC", "url": "https://twitter.com/sxcurity/status/884556905145937921"}, {"name": "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf", "refsource": "MISC", "url": "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11194", "datePublished": "2017-07-12T20:00:00", "dateReserved": "2017-07-12T00:00:00", "dateUpdated": "2017-07-12T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.0:*:*:*:*:*:*:*", "matchCriteriaId": "03CC2CCF-AF71-4DB5-98D1-C82C4DD8E7C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc."}, {"lang": "es", "value": "En Pulse Connect Secure versi\u00f3n 8.3R1, presenta un problema de tipo XSS reflejado en el archivo adminservercacertdetails.cgi. En el panel de administraci\u00f3n, el par\u00e1metro certid del archivo adminservercacertdetails.cgi es reflejado en la respuesta de la aplicaci\u00f3n y no est\u00e1 saneado apropiadamente, permitiendo que un atacante inyecte etiquetas. Un atacante podr\u00eda venir con una carga \u00fatil inteligente para hacer que el sistema ejecute comandos como ping, ping6, traceroute, nslookup, arp, etc."}], "id": "CVE-2017-11194", "lastModified": "2017-07-17T17:18:28.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-12T20:29:00.317", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/sxcurity/status/884556905145937921"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}