Vulnerability Details : CVE-2019-11510

Exploit prediction scoring system (EPSS) score for CVE-2019-11510

Metasploit modules for CVE-2019-11510

• Pulse Secure VPN Arbitrary File Disclosure

  Disclosure Date : 2019-04-24

  auxiliary/gather/pulse_secure_file_disclosure

  This module exploits a pre-auth directory traversal in the Pulse Secure VPN server to dump an arbitrary file. Dumped files are stored in loot. If the "Automatic" action is set, plaintext and hashed credentials, as well as session IDs, will be dumped. Valid sessions can be hijacked by setting the "DSIG" browser cookie to a valid session ID. For the "Manual" action, please specify a file to dump via the "FILE" option. /etc/passwd will be dumped by default. If the "PRINT" option is set, file contents will be printed to the screen, with any unprintable characters replaced by a period. Please see related module exploit/linux/http/pulse_secure_cmd_exec for a post-auth exploit that can leverage the results from this module. Authors: - Orange Tsai - Meh Chang - Alyssa Herrera - Justin Wagner - wvu <[email protected]>

  More information

CVSS scores for CVE-2019-11510

CWE ids for CVE-2019-11510

• CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: [email protected] (Primary)

References for CVE-2019-11510

Products affected by CVE-2019-11510