CVE-2017-11193

Name of the Vulnerable Software and Affected Versions Pulse Connect Secure version 8.3R1

Description The issue concerns a lack of protection against CSRF in the diag.cgi file, which is used for running various commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. This lack of protection can allow an attacker to run these commands against any IP address if they can trick an administrator into visiting a malicious page designed to exploit this weakness.

Recommendations For Pulse Connect Secure version 8.3R1, consider disabling access to the diag.cgi file until a patch is available to prevent potential exploitation. Restrict access to the administrative panel to minimize the risk of an attacker tricking an admin into visiting a malicious CSRF page.