High severity8.8NVD Advisory· Published Aug 29, 2017· Updated Jun 17, 2026
CVE-2017-11455
CVE-2017-11455
Description
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
Affected products
50>=5.3R1,<=5.3R5 OR >=5.2R1,<=5.2R8 OR >=5.1R1,<=5.1R10+ 38 more
- (no CPE)range: >=5.3R1,<=5.3R5 OR >=5.2R1,<=5.2R8 OR >=5.1R1,<=5.1R10
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r10:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r2.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r3.2:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r4.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r5.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r7.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r7.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r8.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r9.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.2:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r4.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r5.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r8.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r3.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r4.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r4.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.2:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r7.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.0:*:*:*:*:*:*:*
- (no CPE)range: 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10
- cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.0:*:*:*:*:*:*:*
- (no CPE)range: 8.2R1 through 8.2R5, 8.1R1 through 8.1R10
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/100530nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039242nvdThird Party AdvisoryVDB Entry
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793nvdVendor Advisory
News mentions
0No linked articles in our index yet.