CVE-2017-17947
CVE-2017-17947 is a vulnerability of currently unknown severity. A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pulsesecure | Pulse Connect Secure | < 8.0r17.0 |
| Pulsesecure | Pulse Connect Secure | >= 8.1, < 8.1r13 |
| Pulsesecure | Pulse Connect Secure | >= 8.2, <= 8.2r9 |
| Pulsesecure | Pulse Connect Secure | >= 8.3, < 8.3r3 |
References
- http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43018 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
