CVE-2019-11508
8.6
CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N
Summary
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://kb.pulsesecure.net/?atype=sa
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- http://www.securityfocus.com/bid/108073
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
- https://www.kb.cert.org/vuls/id/927237
References
- https://kb.pulsesecure.net/?atype=sa
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- http://www.securityfocus.com/bid/108073
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
- https://www.kb.cert.org/vuls/id/927237
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.