cvedb.io
CVE-2017-11193
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2017-07-12T20:29:00.190 · Last modified 2026-06-17T01:01:23.227

Summary

Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.

Affected products

pulsesecure — pulse_connect_secure



This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.