Vulnerability Details : CVE-2019-11541
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.
Products affected by CVE-2019-11541
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3rx:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0rx:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.2:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.0:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2rx:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:8.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11541
1.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11541
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
8.3
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
3.9
|
3.7
|
MITRE | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2019-11541
-
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Pulse Security Advisory: SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RXVendor Advisory
-
http://www.securityfocus.com/bid/108073
Pulse Connect Secure and Pulse Policy Secure Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
Pulse Security Advisory: SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RXVendor Advisory
-
https://www.kb.cert.org/vuls/id/927237
VU#927237 - Pulse Secure VPN contains multiple vulnerabilitiesThird Party Advisory;US Government Resource
Jump to