Pulse Connect Secure Cross-Site Request Forgery (SA40793)
Medium Nessus Plugin ID 103052
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version, the version of Pluse Connect Secure running on the remote host is affected by a cross-site request forgery vulnerability in diag.cgi. This vulnerability may allow remote attackers to hijack the authentication of administrators for requests to start tcpdump.
SolutionUpgrade to or later.