Vulnerability-Lookup

CVE-2019-11510 (GCVE-0-2019-11510)

Vulnerability from cvelistv5 – Published: 2019-05-08 16:18 – Updated: 2025-10-21 23:45

CISA KEV KEVintel KEV

Summary

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Severity

9.9 (Critical)


                        
                          CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N

SSVC

Exploitation: active Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

n/a
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

mitre

References

12 references

URL	Tags
https://kb.pulsesecure.net/?atype=sa	x_refsource_MISC
https://kb.pulsesecure.net/articles/Pulse_Securit…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/108073	vdb-entryx_refsource_BID
https://psirt.global.sonicwall.com/vuln-detail/SN…	x_refsource_CONFIRM
http://packetstormsecurity.com/files/154176/Pulse…	x_refsource_MISC
https://badpackets.net/over-14500-pulse-secure-vp…	x_refsource_MISC
http://packetstormsecurity.com/files/154231/Pulse…	x_refsource_MISC
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsa…	x_refsource_MISC
https://devco.re/blog/2019/09/02/attacking-ssl-vp…	x_refsource_MISC
https://lists.apache.org/thread.html/ff5fa1837b6b…	mailing-listx_refsource_MLIST
https://www.kb.cert.org/vuls/id/927237	third-party-advisoryx_refsource_CERT-VN
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 737f1af6-6cb0-4bcd-942f-dd4564221d10

Vulnerability ID: CVE-2019-11510

Status: Confirmed

Status Updated: 2021-11-03 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2021-11-03

Asserted: 2021-11-03

Scope

Notes: KEV entry: Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability | Affected: Ivanti / Pulse Connect Secure | Description: Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2019-11510

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-22
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Pulse Connect Secure
Due Date	2022-05-03
Date Added	2021-11-03
Vendorproject	Ivanti
Vulnerabilityname	Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Knownransomwarecampaignuse	Known

References

CVE-2019-11510

Created: 2026-02-02 12:29 UTC | Updated: 2026-02-06 07:17 UTC

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 66af9448-072b-4044-b407-8277b7e7d073

Vulnerability ID: CVE-2019-11510

Status: Confirmed

Status Updated: 2021-11-03 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2021-11-03

Asserted: 2021-11-03

Scope

Notes: KEVIntel entry: In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can... | Affected: Pulse Secure / Pulse Connect Secure | CVSS: 10.0 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Confirmed Compromise

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can...
Vendor	Pulse Secure
Product	Pulse Connect Secure
Added Date	2021-11-03T00:00:00.000Z
Cvss Score	10.0
Epss Score	0.99999
Cvss Severity	CRITICAL
Epss Percentile	0.99995
Used In Malware	yes
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	False

References

Created: 2026-06-19 12:48 UTC | Updated: 2026-06-19 12:48 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.694Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/?atype=sa"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
          },
          {
            "name": "108073",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
          },
          {
            "name": "[guacamole-user] 20190912 Re: [Guacamole hack attack?]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E"
          },
          {
            "name": "VU#927237",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/927237"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-11510",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-03T16:16:21.996263Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11510"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:37.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11510"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00.000Z",
            "value": "CVE-2019-11510 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability ."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T17:06:17.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/?atype=sa"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
        },
        {
          "name": "108073",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
        },
        {
          "name": "[guacamole-user] 20190912 Re: [Guacamole hack attack?]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E"
        },
        {
          "name": "VU#927237",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/927237"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability ."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/?atype=sa",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/?atype=sa"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
            },
            {
              "name": "108073",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108073"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
            },
            {
              "name": "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html"
            },
            {
              "name": "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/",
              "refsource": "MISC",
              "url": "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/"
            },
            {
              "name": "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html"
            },
            {
              "name": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf",
              "refsource": "MISC",
              "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
            },
            {
              "name": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/",
              "refsource": "MISC",
              "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
            },
            {
              "name": "[guacamole-user] 20190912 Re: [Guacamole hack attack?]",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E"
            },
            {
              "name": "VU#927237",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/927237"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11510",
    "datePublished": "2019-05-08T16:18:28.000Z",
    "dateReserved": "2019-04-24T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:37.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2019-11510",
      "cwes": "[\"CWE-22\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Known",
      "notes": "Reference CISA\u0027s ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2019-11510",
      "product": "Pulse Connect Secure",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.",
      "vendorProject": "Ivanti",
      "vulnerabilityName": "Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability"
    },
    "epss": {
      "cve": "CVE-2019-11510",
      "date": "2026-06-20",
      "epss": "0.99999",
      "percentile": "0.99995"
    },
    "fkie_nvd": {
      "cisaActionDue": "2021-04-23",
      "cisaExploitAdd": "2021-11-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r1.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"48B04626-10A7-4A12-AF3D-61C8D980AA21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r1.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"183E1DD7-EE4B-47C4-99E2-CD06ED2E0D4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r10.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"00F4DF7B-ED7F-46FC-8B12-5527FB5A4305\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r11.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A5AF6A0-6613-4B15-A1A3-AEAC0EF7E374\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r12.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"970C2BEE-5798-4A5F-8D4E-7970BFCF0CD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r2.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D187DDB-96C8-4435-992E-CFEEE24BC7C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r3.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CA6CBE1-CF6C-4D8C-BAB3-0B78E56E85DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r3.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"761102E8-04DB-465A-A592-98C5F5E0ADFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r4.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F7455AD-E662-4817-A343-9ACCE763B78E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r4.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1F61A93-6E90-4063-BFCA-166DA0DDCE38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r5.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5BF94C4-0456-4CB1-9CC5-02A316C84E09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r5.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"35F94103-0DB3-4D3A-8247-59E1F86743B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r6.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"784ADC67-57BF-4FFA-AC13-5F2F1208F39D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r7.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6D81535-5163-4DAD-8AAA-61F107E11EB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r7.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCF535C6-97A2-4222-9BF4-A7D16E5598FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r8.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B3806F4-53E6-47B2-9D16-69B566DAAD97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r8.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A37BEF28-D0D5-46BD-A460-32734D0D63B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r8.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"363C9E09-EC06-4A34-8C25-97DCCAA992E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.2:r9.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AB170D9-42AF-417B-8EF8-2895F54D0AEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2871AAD9-FC12-4E2D-B722-0F721D7FE101\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A319BAB-F483-4926-9700-760D8025F747\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA6BD7FD-29A3-468C-8A85-63202EB1B625\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"00AA23DF-CA30-41FC-9563-C95BA7D31129\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r4:*:*:*:*:*:*\", \"matchCriteriaId\": \"D85A6292-EE41-487C-A1DC-0E8E443A8075\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r5:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D829F28-4FFF-40C9-AF62-455BA5BB4E58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r5.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DC693D8-D12B-4A0B-808A-A0808BAA33DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r5.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3837BB6E-5236-4B2D-9693-4DE85C7845C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r6:*:*:*:*:*:*\", \"matchCriteriaId\": \"72430B2F-A311-4DF7-ABBB-1EE0BAF507FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r6.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7FCDCCF-8509-431A-B450-B18C110AAE19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:8.3:r7:*:*:*:*:*:*\", \"matchCriteriaId\": \"718B6320-E7BE-4715-A446-541D1AADA027\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D47D09A8-4AC4-4CD9-B648-5F26453E2E1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"59331DC5-FF5F-4BB3-905E-5A4A621F86ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A708C3F-9050-4475-95B3-4785D3E2CB69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"52851AAA-88FB-40BC-B41A-B821F6BA9F79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F05DC11E-7C41-450B-A2BF-603E9252BB40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DA976D9-A330-475E-B8C0-09EF3E08F18D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"59F4A6F7-A6D4-4517-A316-7C7C002A9ED3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\"}, {\"lang\": \"es\", \"value\": \"En Pulse Secure Pulse Connect Secure (PCS) versi\\u00f3n 8.2 en versiones anteriores a la 8.2R12.1, versi\\u00f3n 8.3 en versiones anteriores a la 8.3R7.1 y versi\\u00f3n 9.0 en versiones anteriores a la 9.0R3.4, un atacante remoto no autenticado puede enviar una URI especialmente dise\\u00f1ado para realizar una vulnerabilidad de lectura de archivos arbitraria.\"}]",
      "id": "CVE-2019-11510",
      "lastModified": "2024-11-21T04:21:14.287",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}], \"cvssMetricV30\": [{\"source\": \"cve@mitre.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.9, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-05-08T17:29:00.630",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/108073\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\"]}, {\"url\": \"https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://kb.pulsesecure.net/?atype=sa\", \"source\": \"cve@mitre.org\", \"tags\": [\"Not Applicable\", \"Vendor Advisory\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/927237\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/108073\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\"]}, {\"url\": \"https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://kb.pulsesecure.net/?atype=sa\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\", \"Vendor Advisory\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/927237\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-11510\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-05-08T17:29:00.630\",\"lastModified\":\"2025-11-06T16:51:32.237\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\"},{\"lang\":\"es\",\"value\":\"En Pulse Secure Pulse Connect Secure (PCS) versi\u00f3n 8.2 en versiones anteriores a la 8.2R12.1, versi\u00f3n 8.3 en versiones anteriores a la 8.3R7.1 y versi\u00f3n 9.0 en versiones anteriores a la 9.0R3.4, un atacante remoto no autenticado puede enviar una URI especialmente dise\u00f1ado para realizar una vulnerabilidad de lectura de archivos arbitraria.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}],\"cvssMetricV30\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-04-23\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r1.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"48B04626-10A7-4A12-AF3D-61C8D980AA21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r1.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"183E1DD7-EE4B-47C4-99E2-CD06ED2E0D4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r10.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"00F4DF7B-ED7F-46FC-8B12-5527FB5A4305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r11.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5AF6A0-6613-4B15-A1A3-AEAC0EF7E374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r12.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"970C2BEE-5798-4A5F-8D4E-7970BFCF0CD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r2.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D187DDB-96C8-4435-992E-CFEEE24BC7C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r3.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CA6CBE1-CF6C-4D8C-BAB3-0B78E56E85DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r3.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"761102E8-04DB-465A-A592-98C5F5E0ADFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r4.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F7455AD-E662-4817-A343-9ACCE763B78E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r4.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1F61A93-6E90-4063-BFCA-166DA0DDCE38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r5.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5BF94C4-0456-4CB1-9CC5-02A316C84E09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r5.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"35F94103-0DB3-4D3A-8247-59E1F86743B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r6.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"784ADC67-57BF-4FFA-AC13-5F2F1208F39D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r7.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6D81535-5163-4DAD-8AAA-61F107E11EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r7.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCF535C6-97A2-4222-9BF4-A7D16E5598FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r8.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B3806F4-53E6-47B2-9D16-69B566DAAD97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r8.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A37BEF28-D0D5-46BD-A460-32734D0D63B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r8.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"363C9E09-EC06-4A34-8C25-97DCCAA992E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.2:r9.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AB170D9-42AF-417B-8EF8-2895F54D0AEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2871AAD9-FC12-4E2D-B722-0F721D7FE101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A319BAB-F483-4926-9700-760D8025F747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA6BD7FD-29A3-468C-8A85-63202EB1B625\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"00AA23DF-CA30-41FC-9563-C95BA7D31129\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D85A6292-EE41-487C-A1DC-0E8E443A8075\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D829F28-4FFF-40C9-AF62-455BA5BB4E58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r5.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DC693D8-D12B-4A0B-808A-A0808BAA33DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r5.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3837BB6E-5236-4B2D-9693-4DE85C7845C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r6:*:*:*:*:*:*\",\"matchCriteriaId\":\"72430B2F-A311-4DF7-ABBB-1EE0BAF507FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r6.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7FCDCCF-8509-431A-B450-B18C110AAE19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:8.3:r7:*:*:*:*:*:*\",\"matchCriteriaId\":\"718B6320-E7BE-4715-A446-541D1AADA027\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47D09A8-4AC4-4CD9-B648-5F26453E2E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"59331DC5-FF5F-4BB3-905E-5A4A621F86ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A708C3F-9050-4475-95B3-4785D3E2CB69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"52851AAA-88FB-40BC-B41A-B821F6BA9F79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F05DC11E-7C41-450B-A2BF-603E9252BB40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DA976D9-A330-475E-B8C0-09EF3E08F18D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"59F4A6F7-A6D4-4517-A316-7C7C002A9ED3\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/108073\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.pulsesecure.net/?atype=sa\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/927237\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/108073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.pulsesecure.net/?atype=sa\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/927237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11510\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://kb.pulsesecure.net/?atype=sa\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/108073\", \"name\": \"108073\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E\", \"name\": \"[guacamole-user] 20190912 Re: [Guacamole hack attack?]\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/927237\", \"name\": \"VU#927237\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T22:55:40.694Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-11510\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-03T16:16:21.996263Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11510\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00.000Z\", \"value\": \"CVE-2019-11510 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11510\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T16:16:46.460Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"baseScore\": 9.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://kb.pulsesecure.net/?atype=sa\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securityfocus.com/bid/108073\", \"name\": \"108073\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E\", \"name\": \"[guacamole-user] 20190912 Re: [Guacamole hack attack?]\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/927237\", \"name\": \"VU#927237\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2019-10-16T17:06:17.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"attackVector\": \"NETWORK\", \"vectorString\": \"CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://kb.pulsesecure.net/?atype=sa\", \"name\": \"https://kb.pulsesecure.net/?atype=sa\", \"refsource\": \"MISC\"}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/\", \"name\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securityfocus.com/bid/108073\", \"name\": \"108073\", \"refsource\": \"BID\"}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010\", \"name\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html\", \"name\": \"http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/\", \"name\": \"https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html\", \"name\": \"http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf\", \"name\": \"https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf\", \"refsource\": \"MISC\"}, {\"url\": \"https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/\", \"name\": \"https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E\", \"name\": \"[guacamole-user] 20190912 Re: [Guacamole hack attack?]\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/927237\", \"name\": \"VU#927237\", \"refsource\": \"CERT-VN\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-11510\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-11510\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:45:37.755Z\", \"dateReserved\": \"2019-04-24T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2019-05-08T16:18:28.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2019-02980

Vulnerability from fstec - Published: 22.03.2019

Title

Уязвимость VPN-шлюза корпоративных сетей Pulse Connect Secure, связанная с ошибками обработки разрешений, позволяющая нарушителю получить доступ на чтение произвольных файлов

Description

Уязвимость VPN-шлюза корпоративных сетей Pulse Connect Secure связана с ошибками обработки разрешений. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ на чтение произвольных файлов, используя специально созданный URI

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Vendor

Pulsesecure

Software Name

Pulse Connect Secure

Software Version

7.1 (Pulse Connect Secure), 7.1 R3.0 (Pulse Connect Secure), 7.1 R15.0 (Pulse Connect Secure), 7.1 R10.0 (Pulse Connect Secure), 7.1 R22.0 (Pulse Connect Secure), 7.1 R8.0 (Pulse Connect Secure), 7.1 R2.0 (Pulse Connect Secure), 7.1 R4.0 (Pulse Connect Secure), 7.1 R16.0 (Pulse Connect Secure), 7.1 R9.0 (Pulse Connect Secure), 7.1 R22.1 (Pulse Connect Secure), 7.1 R11.0 (Pulse Connect Secure), 7.1 R20.0 (Pulse Connect Secure), 7.1 R4.1 (Pulse Connect Secure), 7.1 R17.0 (Pulse Connect Secure), 7.1 R22.2 (Pulse Connect Secure), 7.1 R12.0 (Pulse Connect Secure), 7.1 R20.1 (Pulse Connect Secure), 7.1 R5.0 (Pulse Connect Secure), 7.1 R18.0 (Pulse Connect Secure), 7.1 R22.3 (Pulse Connect Secure), 7.1 R13.0 (Pulse Connect Secure), 7.1 R20.2 (Pulse Connect Secure), 7.1 R1.0 (Pulse Connect Secure), 7.1 R6.0 (Pulse Connect Secure), 7.1 R19.0 (Pulse Connect Secure), 7.1 R22.4 (Pulse Connect Secure), 7.1 R14.0 (Pulse Connect Secure), 7.1 R21.0 (Pulse Connect Secure), 7.1 R1.1 (Pulse Connect Secure), 7.1 R7.0 (Pulse Connect Secure), 7.1 R19.1 (Pulse Connect Secure), 7.4 R8.0 (Pulse Connect Secure), 7.4 R11.0 (Pulse Connect Secure), 7.4 R3.0 (Pulse Connect Secure), 7.4 R13.3 (Pulse Connect Secure), 7.4 R9.0 (Pulse Connect Secure), 7.4 R11.1 (Pulse Connect Secure), 7.4 R4.0 (Pulse Connect Secure), 7.4 R13.4 (Pulse Connect Secure), 7.4 R9.1 (Pulse Connect Secure), 7.4 R12.0 (Pulse Connect Secure), 7.4 (Pulse Connect Secure), 7.4 R5.0 (Pulse Connect Secure), 7.4 R13.5 (Pulse Connect Secure), 7.4 R9.2 (Pulse Connect Secure), 7.4 R13.0 (Pulse Connect Secure), 7.4 R6.0 (Pulse Connect Secure), 7.4 R1.0 (Pulse Connect Secure), 7.4 R13.6 (Pulse Connect Secure), 7.4 R9.3 (Pulse Connect Secure), 7.4 R13.1 (Pulse Connect Secure), 7.4 R7.0 (Pulse Connect Secure), 7.4 R10.0 (Pulse Connect Secure), 7.4 R2.0 (Pulse Connect Secure), 7.4 R13.2 (Pulse Connect Secure), 8.1 R9.2 (Pulse Connect Secure), 8.1 R12.0 (Pulse Connect Secure), 8.1 R6.0 (Pulse Connect Secure), 8.1 R1.0 (Pulse Connect Secure), 8.1 R3.1 (Pulse Connect Secure), 8.1 R12.1 (Pulse Connect Secure), 8.1 R7.0 (Pulse Connect Secure), 8.1 R1.1 (Pulse Connect Secure), 8.1 R3.2 (Pulse Connect Secure), 8.1 R13.0 (Pulse Connect Secure), 8.1 R8.0 (Pulse Connect Secure), 8.1 R10.0 (Pulse Connect Secure), 8.1 R4.0 (Pulse Connect Secure), 8.1 R14.0 (Pulse Connect Secure), 8.1 R11.0 (Pulse Connect Secure), 8.1 R9.0 (Pulse Connect Secure), 8.1 R4.1 (Pulse Connect Secure), 8.1 R2.0 (Pulse Connect Secure), 8.1 R9.1 (Pulse Connect Secure), 8.1 R11.1 (Pulse Connect Secure), 8.1 R5.0 (Pulse Connect Secure), 8.1 (Pulse Connect Secure), 8.1 R2.1 (Pulse Connect Secure), 8.2 R9.0 (Pulse Connect Secure), 8.2 R7.0 (Pulse Connect Secure), 8.2 R4.0 (Pulse Connect Secure), 8.2 R2.0 (Pulse Connect Secure), 8.2 R1.0 (Pulse Connect Secure), 8.2 R7.1 (Pulse Connect Secure), 8.2 R4.1 (Pulse Connect Secure), 8.2 R3.0 (Pulse Connect Secure), 8.2 R1.1 (Pulse Connect Secure), 8.2 R8.0 (Pulse Connect Secure), 8.2 R5.0 (Pulse Connect Secure), 8.2 R3.1 (Pulse Connect Secure), 8.2 R10.0 (Pulse Connect Secure), 8.2 R8.1 (Pulse Connect Secure), 8.2 R5.1 (Pulse Connect Secure), 8.2 R11.0 (Pulse Connect Secure), 8.2 R8.2 (Pulse Connect Secure), 8.2 R6.0 (Pulse Connect Secure), 8.2 R12.0 (Pulse Connect Secure), 8.3 R7 (Pulse Connect Secure), 8.3 R5 (Pulse Connect Secure), 8.3 R1 (Pulse Connect Secure), 8.3 R5.1 (Pulse Connect Secure), 8.3 R2 (Pulse Connect Secure), 8.3 R5.2 (Pulse Connect Secure), 8.3 R2.1 (Pulse Connect Secure), 8.3 R6 (Pulse Connect Secure), 8.3 R3 (Pulse Connect Secure), 8.3 R6.1 (Pulse Connect Secure), 8.3 R4 (Pulse Connect Secure), 9.0 R3.1 (Pulse Connect Secure), 9.0 R3.2 (Pulse Connect Secure), 9.0 R1 (Pulse Connect Secure), 9.0 R2 (Pulse Connect Secure), 9.0 R2.1 (Pulse Connect Secure), 9.0 R3 (Pulse Connect Secure)

Possible Mitigations

Использование рекомендаций: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

Reference

https://www.cvedetails.com/cve/CVE-2019-11510/ https://www.securityfocus.com/bid/108073/info https://nvd.nist.gov/vuln/detail/CVE-2019-11510 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510 https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html

CWE

CWE-275

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Pulsesecure",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.1 (Pulse Connect Secure), 7.1 R3.0 (Pulse Connect Secure), 7.1 R15.0 (Pulse Connect Secure), 7.1 R10.0 (Pulse Connect Secure), 7.1 R22.0 (Pulse Connect Secure), 7.1 R8.0 (Pulse Connect Secure), 7.1 R2.0 (Pulse Connect Secure), 7.1 R4.0 (Pulse Connect Secure), 7.1 R16.0 (Pulse Connect Secure), 7.1 R9.0 (Pulse Connect Secure), 7.1 R22.1 (Pulse Connect Secure), 7.1 R11.0 (Pulse Connect Secure), 7.1 R20.0 (Pulse Connect Secure), 7.1 R4.1 (Pulse Connect Secure), 7.1 R17.0 (Pulse Connect Secure), 7.1 R22.2 (Pulse Connect Secure), 7.1 R12.0 (Pulse Connect Secure), 7.1 R20.1 (Pulse Connect Secure), 7.1 R5.0 (Pulse Connect Secure), 7.1 R18.0 (Pulse Connect Secure), 7.1 R22.3 (Pulse Connect Secure), 7.1 R13.0 (Pulse Connect Secure), 7.1 R20.2 (Pulse Connect Secure), 7.1 R1.0 (Pulse Connect Secure), 7.1 R6.0 (Pulse Connect Secure), 7.1 R19.0 (Pulse Connect Secure), 7.1 R22.4 (Pulse Connect Secure), 7.1 R14.0 (Pulse Connect Secure), 7.1 R21.0 (Pulse Connect Secure), 7.1 R1.1 (Pulse Connect Secure), 7.1 R7.0 (Pulse Connect Secure), 7.1 R19.1 (Pulse Connect Secure), 7.4 R8.0 (Pulse Connect Secure), 7.4 R11.0 (Pulse Connect Secure), 7.4 R3.0 (Pulse Connect Secure), 7.4 R13.3 (Pulse Connect Secure), 7.4 R9.0 (Pulse Connect Secure), 7.4 R11.1 (Pulse Connect Secure), 7.4 R4.0 (Pulse Connect Secure), 7.4 R13.4 (Pulse Connect Secure), 7.4 R9.1 (Pulse Connect Secure), 7.4 R12.0 (Pulse Connect Secure), 7.4 (Pulse Connect Secure), 7.4 R5.0 (Pulse Connect Secure), 7.4 R13.5 (Pulse Connect Secure), 7.4 R9.2 (Pulse Connect Secure), 7.4 R13.0 (Pulse Connect Secure), 7.4 R6.0 (Pulse Connect Secure), 7.4 R1.0 (Pulse Connect Secure), 7.4 R13.6 (Pulse Connect Secure), 7.4 R9.3 (Pulse Connect Secure), 7.4 R13.1 (Pulse Connect Secure), 7.4 R7.0 (Pulse Connect Secure), 7.4 R10.0 (Pulse Connect Secure), 7.4 R2.0 (Pulse Connect Secure), 7.4 R13.2 (Pulse Connect Secure), 8.1 R9.2 (Pulse Connect Secure), 8.1 R12.0 (Pulse Connect Secure), 8.1 R6.0 (Pulse Connect Secure), 8.1 R1.0 (Pulse Connect Secure), 8.1 R3.1 (Pulse Connect Secure), 8.1 R12.1 (Pulse Connect Secure), 8.1 R7.0 (Pulse Connect Secure), 8.1 R1.1 (Pulse Connect Secure), 8.1 R3.2 (Pulse Connect Secure), 8.1 R13.0 (Pulse Connect Secure), 8.1 R8.0 (Pulse Connect Secure), 8.1 R10.0 (Pulse Connect Secure), 8.1 R4.0 (Pulse Connect Secure), 8.1 R14.0 (Pulse Connect Secure), 8.1 R11.0 (Pulse Connect Secure), 8.1 R9.0 (Pulse Connect Secure), 8.1 R4.1 (Pulse Connect Secure), 8.1 R2.0 (Pulse Connect Secure), 8.1 R9.1 (Pulse Connect Secure), 8.1 R11.1 (Pulse Connect Secure), 8.1 R5.0 (Pulse Connect Secure), 8.1 (Pulse Connect Secure), 8.1 R2.1 (Pulse Connect Secure), 8.2 R9.0 (Pulse Connect Secure), 8.2 R7.0 (Pulse Connect Secure), 8.2 R4.0 (Pulse Connect Secure), 8.2 R2.0 (Pulse Connect Secure), 8.2 R1.0 (Pulse Connect Secure), 8.2 R7.1 (Pulse Connect Secure), 8.2 R4.1 (Pulse Connect Secure), 8.2 R3.0 (Pulse Connect Secure), 8.2 R1.1 (Pulse Connect Secure), 8.2 R8.0 (Pulse Connect Secure), 8.2 R5.0 (Pulse Connect Secure), 8.2 R3.1 (Pulse Connect Secure), 8.2 R10.0 (Pulse Connect Secure), 8.2 R8.1 (Pulse Connect Secure), 8.2 R5.1 (Pulse Connect Secure), 8.2 R11.0 (Pulse Connect Secure), 8.2 R8.2 (Pulse Connect Secure), 8.2 R6.0 (Pulse Connect Secure), 8.2 R12.0 (Pulse Connect Secure), 8.3 R7 (Pulse Connect Secure), 8.3 R5 (Pulse Connect Secure), 8.3 R1 (Pulse Connect Secure), 8.3 R5.1 (Pulse Connect Secure), 8.3 R2 (Pulse Connect Secure), 8.3 R5.2 (Pulse Connect Secure), 8.3 R2.1 (Pulse Connect Secure), 8.3 R6 (Pulse Connect Secure), 8.3 R3 (Pulse Connect Secure), 8.3 R6.1 (Pulse Connect Secure), 8.3 R4 (Pulse Connect Secure), 9.0 R3.1 (Pulse Connect Secure), 9.0 R3.2 (Pulse Connect Secure), 9.0 R1 (Pulse Connect Secure), 9.0 R2 (Pulse Connect Secure), 9.0 R2.1 (Pulse Connect Secure), 9.0 R3 (Pulse Connect Secure)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.03.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.02.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.08.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02980",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-11510",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Pulse Connect Secure",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c VPN-\u0448\u043b\u044e\u0437\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 Pulse Connect Secure, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 (CWE-275)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c VPN-\u0448\u043b\u044e\u0437\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 Pulse Connect Secure \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 URI",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cvedetails.com/cve/CVE-2019-11510/\nhttps://www.securityfocus.com/bid/108073/info\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11510\nhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv\nhttp://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-275",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}

CNVD-2020-21829

Vulnerability from cnvd - Published: 2020-04-08

Title

Pulse Secure Pulse Connect Secure任意文件读取漏洞

Description

Pulse Secure Pulse Connect Secure（又名PCS，前称Juniper Junos Pulse）是美国Pulse Secure公司的一套SSL VPN解决方案。 Pulse Secure PCS 9.0RX版本、8.3RX版本和8.2RX版本中存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。远程攻击者可利用该漏洞发送特制的URI来执行任意文件读取漏洞。

Severity

高

Patch Name

Pulse Secure Pulse Connect Secure任意文件读取漏洞的补丁

Patch Description

Formal description

厂商已发布相关漏洞补丁链接，请及时更新： https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

Reference

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

Impacted products

Name
['Pulse Secure Pulse Connect Secure 9.0R', 'Pulse Secure Pulse Connect Secure 8.3R', 'Pulse Secure Pulse Connect Secure 8.2R*']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-11510"
    }
  },
  "description": "Pulse Secure Pulse Connect Secure\uff08\u53c8\u540dPCS\uff0c\u524d\u79f0Juniper Junos Pulse\uff09\u662f\u7f8e\u56fdPulse Secure\u516c\u53f8\u7684\u4e00\u5957SSL VPN\u89e3\u51b3\u65b9\u6848\u3002\n\nPulse Secure PCS 9.0RX\u7248\u672c\u30018.3RX\u7248\u672c\u548c8.2RX\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u9001\u7279\u5236\u7684URI\u6765\u6267\u884c\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-21829",
  "openTime": "2020-04-08",
  "patchDescription": "Pulse Secure Pulse Connect Secure\uff08\u53c8\u540dPCS\uff0c\u524d\u79f0Juniper Junos Pulse\uff09\u662f\u7f8e\u56fdPulse Secure\u516c\u53f8\u7684\u4e00\u5957SSL VPN\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nPulse Secure PCS 9.0RX\u7248\u672c\u30018.3RX\u7248\u672c\u548c8.2RX\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u9001\u7279\u5236\u7684URI\u6765\u6267\u884c\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pulse Secure Pulse Connect Secure\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pulse Secure Pulse Connect Secure 9.0R*",
      "Pulse Secure Pulse Connect Secure 8.3R*",
      "Pulse Secure Pulse Connect Secure 8.2R*"
    ]
  },
  "referenceLink": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
  "serverity": "\u9ad8",
  "submitTime": "2019-04-29",
  "title": "Pulse Secure Pulse Connect Secure\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}

FKIE_CVE-2019-11510

Vulnerability from fkie_nvd - Published: 2019-05-08 17:29 - Updated: 2026-06-17 02:13

CISA KEV KEVintel KEV

Severity

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/108073	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/	Broken Link, Third Party Advisory
cve@mitre.org	https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/	Exploit, Third Party Advisory
cve@mitre.org	https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf	Third Party Advisory
cve@mitre.org	https://kb.pulsesecure.net/?atype=sa	Not Applicable, Vendor Advisory
cve@mitre.org	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/	Broken Link, Patch, Vendor Advisory
cve@mitre.org	https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E	Mailing List
cve@mitre.org	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010	Third Party Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/927237	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108073	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.pulsesecure.net/?atype=sa	Not Applicable, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/	Broken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/927237	Third Party Advisory, US Government Resource
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11510	US Government Resource

Impacted products

Vendor	Product	Version
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.2
ivanti	connect_secure	8.3
ivanti	connect_secure	8.3
ivanti	connect_secure	8.3
ivanti	connect_secure	8.3
ivanti	connect_secure	8.3
ivanti	connect_secure	8.3
ivanti	connect_secure	8.3
ivanti	connect_secure	8.3
ivanti	connect_secure	8.3
ivanti	connect_secure	8.3
ivanti	connect_secure	8.3
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "48B04626-10A7-4A12-AF3D-61C8D980AA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "183E1DD7-EE4B-47C4-99E2-CD06ED2E0D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r10.0:*:*:*:*:*:*",
              "matchCriteriaId": "00F4DF7B-ED7F-46FC-8B12-5527FB5A4305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r11.0:*:*:*:*:*:*",
              "matchCriteriaId": "4A5AF6A0-6613-4B15-A1A3-AEAC0EF7E374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r12.0:*:*:*:*:*:*",
              "matchCriteriaId": "970C2BEE-5798-4A5F-8D4E-7970BFCF0CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "1D187DDB-96C8-4435-992E-CFEEE24BC7C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r3.0:*:*:*:*:*:*",
              "matchCriteriaId": "1CA6CBE1-CF6C-4D8C-BAB3-0B78E56E85DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "761102E8-04DB-465A-A592-98C5F5E0ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "3F7455AD-E662-4817-A343-9ACCE763B78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "A1F61A93-6E90-4063-BFCA-166DA0DDCE38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r5.0:*:*:*:*:*:*",
              "matchCriteriaId": "B5BF94C4-0456-4CB1-9CC5-02A316C84E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r5.1:*:*:*:*:*:*",
              "matchCriteriaId": "35F94103-0DB3-4D3A-8247-59E1F86743B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r6.0:*:*:*:*:*:*",
              "matchCriteriaId": "784ADC67-57BF-4FFA-AC13-5F2F1208F39D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r7.0:*:*:*:*:*:*",
              "matchCriteriaId": "E6D81535-5163-4DAD-8AAA-61F107E11EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r7.1:*:*:*:*:*:*",
              "matchCriteriaId": "DCF535C6-97A2-4222-9BF4-A7D16E5598FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r8.0:*:*:*:*:*:*",
              "matchCriteriaId": "2B3806F4-53E6-47B2-9D16-69B566DAAD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r8.1:*:*:*:*:*:*",
              "matchCriteriaId": "A37BEF28-D0D5-46BD-A460-32734D0D63B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r8.2:*:*:*:*:*:*",
              "matchCriteriaId": "363C9E09-EC06-4A34-8C25-97DCCAA992E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r9.0:*:*:*:*:*:*",
              "matchCriteriaId": "3AB170D9-42AF-417B-8EF8-2895F54D0AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "2871AAD9-FC12-4E2D-B722-0F721D7FE101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "2A319BAB-F483-4926-9700-760D8025F747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "AA6BD7FD-29A3-468C-8A85-63202EB1B625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r3:*:*:*:*:*:*",
              "matchCriteriaId": "00AA23DF-CA30-41FC-9563-C95BA7D31129",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r4:*:*:*:*:*:*",
              "matchCriteriaId": "D85A6292-EE41-487C-A1DC-0E8E443A8075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r5:*:*:*:*:*:*",
              "matchCriteriaId": "2D829F28-4FFF-40C9-AF62-455BA5BB4E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r5.1:*:*:*:*:*:*",
              "matchCriteriaId": "8DC693D8-D12B-4A0B-808A-A0808BAA33DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r5.2:*:*:*:*:*:*",
              "matchCriteriaId": "3837BB6E-5236-4B2D-9693-4DE85C7845C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r6:*:*:*:*:*:*",
              "matchCriteriaId": "72430B2F-A311-4DF7-ABBB-1EE0BAF507FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r6.1:*:*:*:*:*:*",
              "matchCriteriaId": "B7FCDCCF-8509-431A-B450-B18C110AAE19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r7:*:*:*:*:*:*",
              "matchCriteriaId": "718B6320-E7BE-4715-A446-541D1AADA027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D47D09A8-4AC4-4CD9-B648-5F26453E2E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*",
              "matchCriteriaId": "59331DC5-FF5F-4BB3-905E-5A4A621F86ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "6A708C3F-9050-4475-95B3-4785D3E2CB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*",
              "matchCriteriaId": "52851AAA-88FB-40BC-B41A-B821F6BA9F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "F05DC11E-7C41-450B-A2BF-603E9252BB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*",
              "matchCriteriaId": "5DA976D9-A330-475E-B8C0-09EF3E08F18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*",
              "matchCriteriaId": "59F4A6F7-A6D4-4517-A316-7C7C002A9ED3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability ."
    },
    {
      "lang": "es",
      "value": "En Pulse Secure Pulse Connect Secure (PCS) versi\u00f3n 8.2 en versiones anteriores a la 8.2R12.1, versi\u00f3n 8.3 en versiones anteriores a la 8.3R7.1 y versi\u00f3n 9.0 en versiones anteriores a la 9.0R3.4, un atacante remoto no autenticado puede enviar una URI especialmente dise\u00f1ado para realizar una vulnerabilidad de lectura de archivos arbitraria."
    }
  ],
  "id": "CVE-2019-11510",
  "lastModified": "2026-06-17T02:13:04.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2019-11510",
          "options": [
            {
              "exploitation": "active"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-02-03T16:16:21.996263Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2019-05-08T17:29:00.630",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable",
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/?atype=sa"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/?atype=sa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11510"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-6WR2-QX99-98MG

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2025-10-22 00:31

Details

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker can upload a malicious file to write to arbitrary files, because of Insecure Permissions.

Severity

10.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-11510"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-08T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker can upload a malicious file to write to arbitrary files, because of Insecure Permissions.",
  "id": "GHSA-6wr2-qx99-98mg",
  "modified": "2025-10-22T00:31:39Z",
  "published": "2022-05-24T16:45:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11510"
    },
    {
      "type": "WEB",
      "url": "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510"
    },
    {
      "type": "WEB",
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"
    },
    {
      "type": "WEB",
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "type": "WEB",
      "url": "https://kb.pulsesecure.net/?atype=sa"
    },
    {
      "type": "WEB",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11510"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/927237"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108073"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-11510

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2019-11510

Aliases

CVE-2019-11510

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-11510",
    "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .",
    "id": "GSD-2019-11510",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2019-11510"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-11510"
      ],
      "details": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .",
      "id": "GSD-2019-11510",
      "modified": "2023-12-13T01:24:02.479396Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2019-11510",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-04-23",
      "product": "Pulse Connect Secure",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "An unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability.",
      "vendorProject": "Pulse Secure",
      "vulnerabilityName": "Pulse Connect Secure VPN arbitrary file reading vulnerability (COVID-19-CTI list)"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-11510",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability ."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.pulsesecure.net/?atype=sa",
            "refsource": "MISC",
            "url": "https://kb.pulsesecure.net/?atype=sa"
          },
          {
            "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/",
            "refsource": "CONFIRM",
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
          },
          {
            "name": "108073",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/108073"
          },
          {
            "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010",
            "refsource": "CONFIRM",
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
          },
          {
            "name": "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html"
          },
          {
            "name": "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/",
            "refsource": "MISC",
            "url": "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/"
          },
          {
            "name": "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html"
          },
          {
            "name": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf",
            "refsource": "MISC",
            "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
          },
          {
            "name": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/",
            "refsource": "MISC",
            "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
          },
          {
            "name": "[guacamole-user] 20190912 Re: [Guacamole hack attack?]",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E"
          },
          {
            "name": "VU#927237",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/927237"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2021-04-23",
        "cisaExploitAdd": "2021-11-03",
        "cisaRequiredAction": "Apply updates per vendor instructions.",
        "cisaVulnerabilityName": "Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r1.0:*:*:*:*:*:*",
                    "matchCriteriaId": "48B04626-10A7-4A12-AF3D-61C8D980AA21",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r1.1:*:*:*:*:*:*",
                    "matchCriteriaId": "183E1DD7-EE4B-47C4-99E2-CD06ED2E0D4F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r10.0:*:*:*:*:*:*",
                    "matchCriteriaId": "00F4DF7B-ED7F-46FC-8B12-5527FB5A4305",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r11.0:*:*:*:*:*:*",
                    "matchCriteriaId": "4A5AF6A0-6613-4B15-A1A3-AEAC0EF7E374",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r12.0:*:*:*:*:*:*",
                    "matchCriteriaId": "970C2BEE-5798-4A5F-8D4E-7970BFCF0CD2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r2.0:*:*:*:*:*:*",
                    "matchCriteriaId": "1D187DDB-96C8-4435-992E-CFEEE24BC7C5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r3.0:*:*:*:*:*:*",
                    "matchCriteriaId": "1CA6CBE1-CF6C-4D8C-BAB3-0B78E56E85DA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r3.1:*:*:*:*:*:*",
                    "matchCriteriaId": "761102E8-04DB-465A-A592-98C5F5E0ADFA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r4.0:*:*:*:*:*:*",
                    "matchCriteriaId": "3F7455AD-E662-4817-A343-9ACCE763B78E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r4.1:*:*:*:*:*:*",
                    "matchCriteriaId": "A1F61A93-6E90-4063-BFCA-166DA0DDCE38",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r5.0:*:*:*:*:*:*",
                    "matchCriteriaId": "B5BF94C4-0456-4CB1-9CC5-02A316C84E09",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r5.1:*:*:*:*:*:*",
                    "matchCriteriaId": "35F94103-0DB3-4D3A-8247-59E1F86743B8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r6.0:*:*:*:*:*:*",
                    "matchCriteriaId": "784ADC67-57BF-4FFA-AC13-5F2F1208F39D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r7.0:*:*:*:*:*:*",
                    "matchCriteriaId": "E6D81535-5163-4DAD-8AAA-61F107E11EB8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r7.1:*:*:*:*:*:*",
                    "matchCriteriaId": "DCF535C6-97A2-4222-9BF4-A7D16E5598FF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r8.0:*:*:*:*:*:*",
                    "matchCriteriaId": "2B3806F4-53E6-47B2-9D16-69B566DAAD97",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r8.1:*:*:*:*:*:*",
                    "matchCriteriaId": "A37BEF28-D0D5-46BD-A460-32734D0D63B8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r8.2:*:*:*:*:*:*",
                    "matchCriteriaId": "363C9E09-EC06-4A34-8C25-97DCCAA992E1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r9.0:*:*:*:*:*:*",
                    "matchCriteriaId": "3AB170D9-42AF-417B-8EF8-2895F54D0AEE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*",
                    "matchCriteriaId": "2871AAD9-FC12-4E2D-B722-0F721D7FE101",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*",
                    "matchCriteriaId": "2A319BAB-F483-4926-9700-760D8025F747",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*",
                    "matchCriteriaId": "AA6BD7FD-29A3-468C-8A85-63202EB1B625",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r3:*:*:*:*:*:*",
                    "matchCriteriaId": "00AA23DF-CA30-41FC-9563-C95BA7D31129",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r4:*:*:*:*:*:*",
                    "matchCriteriaId": "D85A6292-EE41-487C-A1DC-0E8E443A8075",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r5:*:*:*:*:*:*",
                    "matchCriteriaId": "2D829F28-4FFF-40C9-AF62-455BA5BB4E58",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r5.1:*:*:*:*:*:*",
                    "matchCriteriaId": "8DC693D8-D12B-4A0B-808A-A0808BAA33DD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r5.2:*:*:*:*:*:*",
                    "matchCriteriaId": "3837BB6E-5236-4B2D-9693-4DE85C7845C3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r6:*:*:*:*:*:*",
                    "matchCriteriaId": "72430B2F-A311-4DF7-ABBB-1EE0BAF507FD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r6.1:*:*:*:*:*:*",
                    "matchCriteriaId": "B7FCDCCF-8509-431A-B450-B18C110AAE19",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r7:*:*:*:*:*:*",
                    "matchCriteriaId": "718B6320-E7BE-4715-A446-541D1AADA027",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*",
                    "matchCriteriaId": "D47D09A8-4AC4-4CD9-B648-5F26453E2E1D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*",
                    "matchCriteriaId": "59331DC5-FF5F-4BB3-905E-5A4A621F86ED",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*",
                    "matchCriteriaId": "6A708C3F-9050-4475-95B3-4785D3E2CB69",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*",
                    "matchCriteriaId": "52851AAA-88FB-40BC-B41A-B821F6BA9F79",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*",
                    "matchCriteriaId": "F05DC11E-7C41-450B-A2BF-603E9252BB40",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*",
                    "matchCriteriaId": "5DA976D9-A330-475E-B8C0-09EF3E08F18D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*",
                    "matchCriteriaId": "59F4A6F7-A6D4-4517-A316-7C7C002A9ED3",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability ."
          },
          {
            "lang": "es",
            "value": "En Pulse Secure Pulse Connect Secure (PCS) versi\u00f3n 8.2 en versiones anteriores a la 8.2R12.1, versi\u00f3n 8.3 en versiones anteriores a la 8.3R7.1 y versi\u00f3n 9.0 en versiones anteriores a la 9.0R3.4, un atacante remoto no autenticado puede enviar una URI especialmente dise\u00f1ado para realizar una vulnerabilidad de lectura de archivos arbitraria."
          }
        ],
        "id": "CVE-2019-11510",
        "lastModified": "2024-02-27T21:04:17.560",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV30": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              "exploitabilityScore": 3.1,
              "impactScore": 6.0,
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 6.0,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2019-05-08T17:29:00.630",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/108073"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://kb.pulsesecure.net/?atype=sa"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "https://www.kb.cert.org/vuls/id/927237"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-22"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-11510 (GCVE-0-2019-11510)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Confirmed Compromise Confidence: 70% Source: kevintel

Details

References

BDU:2019-02980

CNVD-2020-21829

FKIE_CVE-2019-11510

GHSA-6WR2-QX99-98MG

GSD-2019-11510

Tags

Sightings

Nomenclature