CVE-2019-11510
In short
Pulse Connect Secure allows attackers to read any file on the server without logging in by sending a specially crafted web request. This exposes sensitive data like passwords and configuration files.
Technical detail
An unauthenticated remote attacker can exploit path traversal (CWE-22) via malicious URI requests to Pulse Connect Secure to read arbitrary files from the affected server. The vulnerability requires no authentication or user interaction and can result in unauthorized disclosure of sensitive information.
Summary generated and translated by AI from the official description.
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability.
CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N
Affected products
n/a · n/a
Public PoCs found — 16
github: github.com/projectzeroindia/CVE-2019-11510 (★ 362)
github: github.com/BishopFox/pwn-pulse (★ 135)
github: github.com/jas502n/CVE-2019-11510-1 (★ 52)
github: github.com/imjdl/CVE-2019-11510-poc (★ 50)
github: github.com/cisagov/check-your-pulse (★ 28)
github: github.com/r00tpgp/http-pulse_ssl_vpn.nse (★ 18)
github: github.com/aqhmal/pulsexploit (★ 9)
github: github.com/es0/CVE-2019-11510_poc (★ 5)
github: github.com/34zY/APT-Backpack (★ 3)
github: github.com/andripwn/pulse-exploit (★ 1)
github: github.com/pwn3z/CVE-2019-11510-PulseVPN (★ 1)
github: github.com/nuc13us/Pulse (★ 0)
github: github.com/jason3e7/CVE-2019-11510 (★ 0)
exploitdb: www.exploit-db.com/exploits/47297 (unverified)
cve_reference: packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html (unverified)
cve_reference: packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html
http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://kb.pulsesecure.net/?atype=sa
https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11510
https://www.kb.cert.org/vuls/id/927237
http://www.securityfocus.com/bid/108073