Vulnerability Details : CVE-2019-11510

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
Vulnerability category: Directory traversal
Published 2019-05-08 17:29:01
Updated 2023-03-24 17:36:08
Source MITRE
View at NVD,   CVE.org
CVE-2019-11510 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
Notes:
Reference CISA's ED 21-03 (https://www.cisa.gov/emergency-directive-21-03) for further guidance and requirements.
Added on 2021-11-03 Action due date 2021-04-23

Exploit prediction scoring system (EPSS) score for CVE-2019-11510

Probability of exploitation activity in the next 30 days: 97.23%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2019-11510

  • Pulse Secure VPN Arbitrary File Disclosure
    Disclosure Date : 2019-04-24
    auxiliary/gather/pulse_secure_file_disclosure
    This module exploits a pre-auth directory traversal in the Pulse Secure VPN server to dump an arbitrary file. Dumped files are stored in loot. If the "Automatic" action is set, plaintext and hashed credentials, as well as session IDs, will be dumped. Valid sessions can be hijacked by setting the "DSIG" browser cookie to a valid session ID. For the "Manual" action, please specify a file to dump via the "FILE" option. /etc/passwd will be dumped by default. If the "PRINT" option is set, file contents will be printed to the screen, with any unprintable characters replaced by a period. Please see related module exploit/linux/http/pulse_secure_cmd_exec for a post-auth exploit that can leverage the results from this module. Authors: - Orange Tsai - Meh Chang - Alyssa Herrera - Justin Wagner - wvu <[email protected]>

CVSS scores for CVE-2019-11510

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
[email protected]
9.9
CRITICAL CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
3.1
6.0
[email protected]
10.0
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.9
6.0
[email protected]

CWE ids for CVE-2019-11510

References for CVE-2019-11510

Products affected by CVE-2019-11510

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!