CVE-2019-11510

Опубликовано: 08 мая 2019

Источник: nvd

CVSS3: 9.9

CVSS3: 10

CVSS2: 7.5

EPSS Критический

Описание

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Ссылки

http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/108073
Broken Link
Third Party Advisory
VDB Entry
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
Broken Link
Third Party Advisory
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
Exploit
Third Party Advisory
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
Third Party Advisory
https://kb.pulsesecure.net/?atype=sa
Not Applicable
Vendor Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
Broken Link
Patch
Vendor Advisory
https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E
Mailing List
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Third Party Advisory
https://www.kb.cert.org/vuls/id/927237
Third Party Advisory
US Government Resource
http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/108073
Broken Link
Third Party Advisory
VDB Entry
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
Broken Link
Third Party Advisory
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
Exploit
Third Party Advisory
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
Third Party Advisory
https://kb.pulsesecure.net/?atype=sa
Not Applicable
Vendor Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
Broken Link
Patch
Vendor Advisory
https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E
Mailing List

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ivanti:connect_secure:8.2:r1.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r1.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r10.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r11.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r12.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r2.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r3.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r3.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r4.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r4.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r5.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r5.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r6.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r7.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r7.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r8.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r8.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r8.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.2:r9.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r4:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r5:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r5.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r5.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r6:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r6.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:8.3:r7:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.94476

Критический

9.9 Critical

CVSS3

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-6wr2-qx99-98mg

CVSS3: 10

github

больше 3 лет назад

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker can upload a malicious file to write to arbitrary files, because of Insecure Permissions.

BDU:2019-02980

CVSS3: 8.6

fstec

почти 7 лет назад

Уязвимость VPN-шлюза корпоративных сетей Pulse Connect Secure, связанная с ошибками обработки разрешений, позволяющая нарушителю получить доступ на чтение произвольных файлов

EPSS

Процентиль: 100%

0.94476

Критический

9.9 Critical

CVSS3

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22