CVE-2019-11539

CVSS 8 HIGHEPSS 98.6%● KEVCWE-78

Vexday Risk Score

100Fix now

SSVC decision (CISA)

Act

Exploitation + impact → act immediately

CVSS 8EPSS 98.6%KEV simPoC públicaNuclei —Metasploit simPatch —

Lifecycle

24 Apr 2019Metasploit module available

26 Apr 2019Published on NVD

04 Sep 2019Public PoC

03 Nov 2021Active exploitation (CISA KEV)

Recommendation: Patch as soon as possible — active exploitation confirmed.

In short

An authenticated attacker can inject and execute arbitrary commands through the admin web interface of Pulse Secure products, compromising the entire system. This is a critical flaw because it allows someone with login credentials to take complete control of the device.

Technical detail

CWE-78 command injection vulnerability in the admin web interface of Pulse Connect Secure and Pulse Policy Secure allows authenticated users to execute arbitrary OS commands. The attack vector requires valid administrator credentials and affects multiple product versions prior to specified patch levels; successful exploitation grants complete system compromise.

Summary generated and translated by AI from the official description.

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.

CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N

Affected products

n/a · n/a

public PoCs found — 6

githubgithub.com/0xDezzy/CVE-2019-11539★ 132 cve_referencepacketstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.htmlunverified cve_referencepacketstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlunverified cve_referencepacketstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlunverified exploitdbwww.exploit-db.com/exploits/47354unverified exploitdbwww.exploit-db.com/exploits/47700unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.html http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.html https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11539 https://www.kb.cert.org/vuls/id/927237 http://www.securityfocus.com/bid/108073