fkie_nvd - fkie_cve-2019-11542

FKIE_CVE-2019-11542

Vulnerability from fkie_nvd - Published: 2019-04-26 02:29 - Updated: 2024-11-21 04:21

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/108073	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/	Exploit, Third Party Advisory
cve@mitre.org	https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf	Exploit, Third Party Advisory
cve@mitre.org	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101	Vendor Advisory
cve@mitre.org	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010	Third Party Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/927237	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108073	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/927237	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
ivanti	connect_secure	8.1
ivanti	connect_secure	8.2
ivanti	connect_secure	8.3
pulsesecure	pulse_connect_secure	8.1r1.0
pulsesecure	pulse_connect_secure	8.2r1.0
pulsesecure	pulse_connect_secure	8.2r1.1
pulsesecure	pulse_connect_secure	8.2r2.0
pulsesecure	pulse_connect_secure	8.2r3.0
pulsesecure	pulse_connect_secure	8.2r3.1
pulsesecure	pulse_connect_secure	8.2r4.0
pulsesecure	pulse_connect_secure	8.2r4.1
pulsesecure	pulse_connect_secure	8.2r5.0
pulsesecure	pulse_connect_secure	8.2r5.1
pulsesecure	pulse_connect_secure	8.2r6.0
pulsesecure	pulse_connect_secure	8.2r7.0
pulsesecure	pulse_connect_secure	8.2r7.1
pulsesecure	pulse_connect_secure	8.2rx
pulsesecure	pulse_connect_secure	8.3rx
pulsesecure	pulse_connect_secure	9.0r1
pulsesecure	pulse_connect_secure	9.0r2
pulsesecure	pulse_connect_secure	9.0r2.1
pulsesecure	pulse_connect_secure	9.0r3
pulsesecure	pulse_connect_secure	9.0r3.1
pulsesecure	pulse_connect_secure	9.0r3.2
pulsesecure	pulse_connect_secure	9.0rx
pulsesecure	pulse_policy_secure	5.1r1.0
pulsesecure	pulse_policy_secure	5.1r1.1
pulsesecure	pulse_policy_secure	5.1r2.0
pulsesecure	pulse_policy_secure	5.1r2.1
pulsesecure	pulse_policy_secure	5.1r3.0
pulsesecure	pulse_policy_secure	5.1r3.2
pulsesecure	pulse_policy_secure	5.1r4.0
pulsesecure	pulse_policy_secure	5.1r5.0
pulsesecure	pulse_policy_secure	5.1r6.0
pulsesecure	pulse_policy_secure	5.1r7.0
pulsesecure	pulse_policy_secure	5.1r8.0
pulsesecure	pulse_policy_secure	5.1r9.0
pulsesecure	pulse_policy_secure	5.1r9.1
pulsesecure	pulse_policy_secure	5.1r10.0
pulsesecure	pulse_policy_secure	5.1r11.0
pulsesecure	pulse_policy_secure	5.1r11.1
pulsesecure	pulse_policy_secure	5.1r12.0
pulsesecure	pulse_policy_secure	5.1r12.1
pulsesecure	pulse_policy_secure	5.1r13.0
pulsesecure	pulse_policy_secure	5.1r14.0
pulsesecure	pulse_policy_secure	5.2r1.0
pulsesecure	pulse_policy_secure	5.2r2.0
pulsesecure	pulse_policy_secure	5.2r3.0
pulsesecure	pulse_policy_secure	5.2r3.2
pulsesecure	pulse_policy_secure	5.2r4.0
pulsesecure	pulse_policy_secure	5.2r5.0
pulsesecure	pulse_policy_secure	5.2r6.0
pulsesecure	pulse_policy_secure	5.2r7.0
pulsesecure	pulse_policy_secure	5.2r7.1
pulsesecure	pulse_policy_secure	5.2r8.0
pulsesecure	pulse_policy_secure	5.2r9.0
pulsesecure	pulse_policy_secure	5.2r9.1
pulsesecure	pulse_policy_secure	5.2r10.0
pulsesecure	pulse_policy_secure	5.2r11.0
pulsesecure	pulse_policy_secure	5.2rx
pulsesecure	pulse_policy_secure	5.3r1.0
pulsesecure	pulse_policy_secure	5.3r1.1
pulsesecure	pulse_policy_secure	5.3r2.0
pulsesecure	pulse_policy_secure	5.3r3.0
pulsesecure	pulse_policy_secure	5.3r3.1
pulsesecure	pulse_policy_secure	5.3r4.0
pulsesecure	pulse_policy_secure	5.3r4.1
pulsesecure	pulse_policy_secure	5.3r5.0
pulsesecure	pulse_policy_secure	5.3r5.1
pulsesecure	pulse_policy_secure	5.3r5.2
pulsesecure	pulse_policy_secure	5.3r6.0
pulsesecure	pulse_policy_secure	5.3r7.0
pulsesecure	pulse_policy_secure	5.3r8.0
pulsesecure	pulse_policy_secure	5.3r8.1
pulsesecure	pulse_policy_secure	5.3r8.2
pulsesecure	pulse_policy_secure	5.3r9.0
pulsesecure	pulse_policy_secure	5.3r10.
pulsesecure	pulse_policy_secure	5.3r11.0
pulsesecure	pulse_policy_secure	5.3r12.0
pulsesecure	pulse_policy_secure	5.3rx
pulsesecure	pulse_policy_secure	5.4r1
pulsesecure	pulse_policy_secure	5.4r2
pulsesecure	pulse_policy_secure	5.4r2.1
pulsesecure	pulse_policy_secure	5.4r3
pulsesecure	pulse_policy_secure	5.4r4
pulsesecure	pulse_policy_secure	5.4r5
pulsesecure	pulse_policy_secure	5.4r5.2
pulsesecure	pulse_policy_secure	5.4r6
pulsesecure	pulse_policy_secure	5.4r6.1
pulsesecure	pulse_policy_secure	5.4r7
pulsesecure	pulse_policy_secure	5.4rx
pulsesecure	pulse_policy_secure	9.0r1
pulsesecure	pulse_policy_secure	9.0r2
pulsesecure	pulse_policy_secure	9.0r2.1
pulsesecure	pulse_policy_secure	9.0r3
pulsesecure	pulse_policy_secure	9.0r3.1
pulsesecure	pulse_policy_secure	9.0rx

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCE3E8-ED64-4CCD-9A3F-3D99476B81E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB453513-AFEA-4E68-8441-3984E83FFB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2037BE1-408C-47E8-8A70-8440BF3A1ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7369296-0C10-4B64-A0EC-2E7BFAC5BB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F13F586F-A5FA-424F-B172-14FC29402F59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BE71A8-1C4A-4CE0-A78C-DCF72E6775BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E0AC17-77DE-440F-8166-FD3A8D039EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A7A8628-6636-485E-B888-A13D732D87C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB60BAE-D42E-4953-822D-C9B4CF83EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A9BB556-DADF-49F0-BEF2-84629EC430FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AB1607-3B0C-49A8-95E0-68FB8DF6432B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ACA79EE-8F71-4805-B4D4-72B40EE7933D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "261B6197-161F-4141-B5D1-95160AFA3B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE79E96-37CA-46F5-B14C-9024E4D7CD25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559BDBF-FEE2-4DC2-B4D8-597DD78332DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B87335-3883-4B3F-863E-A1E3E7541049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD77C208-DD3E-46BD-930F-93BB39799D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D68BA7-3626-4D54-B6B3-ED0C2F25ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "190F575A-E9D4-403B-9AAC-D665D80B37D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B522EA-2724-4D88-89FE-8A3E1297313E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6444B34E-C3E3-4959-8C5D-ACF5FF65D2DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF9BB1A-07D4-4757-BC09-49CCC044CE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F4694C1-667B-4BAC-ABF1-92AE4FD26893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FE2F01-1675-45FB-90ED-A7A8C3E79114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45491FB0-2EDC-4B62-838F-A8CB2E92F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62EC1F3-10DC-4387-B4DA-8EA8086EA390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A2801C-029F-469C-9492-9AB0535B1F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "219B113E-88AB-4250-81BB-3735A49A09C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84885E71-5C0D-4869-97A5-B8F955FBE728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F5AB09-D5D3-4499-BDE8-6471F827D825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FF5E94-07F5-416C-976F-4FF22141A145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77318F9-AA30-4010-A351-98A3942DA8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D328C58-51A0-4A62-8CFC-BAA5A9D8EDF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3015D79-3AD8-4EBE-A236-6ADEC2AA4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BFFFF2-BA60-483A-BD7E-041EDD1932E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D04A72C3-2735-4F83-8F91-82405C16FE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A100AF1-A8A7-4E0A-9D29-E00C56C0AAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "596A0CEE-44FD-4A03-8386-750D0E4947D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEDA32E5-A047-49FD-A52C-FDA132881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65900FCC-9DD2-4606-B125-451946734453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB8051E3-A7F0-4E17-AB73-E4F1DBD6FB78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A3DEE0B-048F-4FE8-A508-043D87F54611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "262F4B72-D73E-41B4-B62A-39AD505412D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF64796-2698-48EF-AF93-86F070967C98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A42EFC8-C5FF-4397-87CF-263813FAA5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C952B5B8-DCAB-476A-9E60-3F1BBE509F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F199F01-9EEA-4184-AD99-6B21110484AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9938EBCC-B9B7-4FB1-9ACB-9BED485AB5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4A309B-ACB0-4053-909A-6889129EB2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A4A105-EBF3-4895-9ABE-50972DD232F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4013CA1C-48F0-46F6-B327-E6B34311A7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "112B9736-336D-4C72-A960-0B33DD3439EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FA8DC5-900B-4A53-AF55-410A7FF901E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4946BBE-E449-4F89-910C-3389BDF36071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDBD7BC-C9A7-48C2-B3BC-8E2C90F54268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B56D6E-2429-4511-8FE6-A9BE1226F031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "17BD737E-F387-4239-B3C6-E4B71EB13995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC6D632-9B03-4CFF-85D8-B4127257A47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "C766CBF4-502C-4522-845C-A5436DD1960D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94170224-C78B-458A-B63E-53E303B0DCE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17449ADA-D4CC-4A23-9699-2D3E695C519A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B21A8C-F09F-4286-8E32-C10E474C8D3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8654C226-F77A-464D-9AD1-010DC11F8C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F3AFCF-8723-4F80-89A2-BC9D62CE920E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "545F18AB-635E-47C0-ACFE-8B2A849253FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52DD6EDE-5CF1-4BD9-93B7-8100ED9DDC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D74E173-3599-4A32-BE9A-482998800122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "116DD35E-B83E-4865-8B54-E5C68D148187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D02A7DF-69CE-426B-8153-3BA404B4AC64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA199898-3820-4B6C-ADF6-9EA0E8238200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37EBB8A-48E0-4092-A5E4-ABA0C02934AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EAEBC16-AA55-4145-8FD4-84217DE4CB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF3A87EB-CEF3-4CE3-A258-EE95560D46F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B273CCA-CFA6-4A73-99D1-44A51ADBAF00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E92137-41D4-4350-AD8D-B2F36FBA5B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r10.:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E78ACD-828A-421D-88B7-C08079CD39A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60129D21-0A5D-44B6-A9F0-C97E3327C58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13477A91-0880-4CDA-A932-12912909E1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E78343D-6F53-44C0-8C45-694E6D03DB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F2FFEC-F243-4D85-888E-339C60B3C0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A841849-DA0E-4BAA-8807-F42481C9457D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC5A497-1FA2-4AE4-A611-553129B9F78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "479B25A4-59AA-4FA4-B1CC-E06781D00962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C0556B-2420-46F2-A08E-EC83DA514A69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "479C0704-9FE5-42D6-8968-780391708F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE3B07D-879B-4AF2-9AA7-D9F64A577373",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "497631E3-0E1F-4267-8ADA-7697FF0BF7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF444E5-2EEA-4223-85E1-B2EA6D0543E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA2AD75-A6DD-48D0-83E7-A5F00F31C010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A6F2EF-09AF-4DAA-A552-6111C51DD210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C50D348-E894-4B8D-ACFF-DE04FB47A97B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "436C11B9-1A19-4751-877C-104370C769A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F709A2-79F6-4912-9B81-6EBF9E0D438E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B694A761-C3DC-41C9-8FFA-271950BEFE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE48A776-5899-47E8-8B1C-B046594E6084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7BB3D9-7259-4DF3-B408-AE421CE206D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow."
    },
    {
      "lang": "es",
      "value": "En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, versiones 8.2RX anteriores a 8.2R12.1, y versiones 8.1RX anteriores a 8.1R15.1; Pulse Policy Secure versiones 9.0RX anteriores a 9.0R3.2, versiones 5.4RX anteriores a 5.4R7.1, versiones 5.3RX anteriores a  5.3R12.1, versiones 5.2RX anteriores a 5.2R12.1, y versiones 5.1RX anteriores a 5.1R15.1, un atacante autenticado (a trav\u00e9s de la interfaz web de administraci\u00f3n) puede enviar un mensaje especialmente dise\u00f1ado que resulte en un desbordamiento de b\u00fafer basado en pila ."
    }
  ],
  "id": "CVE-2019-11542",
  "lastModified": "2024-11-21T04:21:18.523",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-26T02:29:00.487",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-11542 (GCVE-0-2019-11542)

Vulnerability from cvelistv5 – Published: 2019-04-26 01:40 – Updated: 2024-08-04 22:55

Summary

Severity ?

8 (High)


                        
                          CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N

CWE

Assigner

mitre

References

URL

Tags

	https://kb.pulsesecure.net/articles/Pulse_Securit…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/108073	vdb-entryx_refsource_BID
	https://psirt.global.sonicwall.com/vuln-detail/SN…	x_refsource_CONFIRM
	https://i.blackhat.com/USA-19/Wednesday/us-19-Tsa…	x_refsource_MISC
	https://devco.re/blog/2019/09/02/attacking-ssl-vp…	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/927237	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
          },
          {
            "name": "108073",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
          },
          {
            "name": "VU#927237",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/927237"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T17:06:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
        },
        {
          "name": "108073",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
        },
        {
          "name": "VU#927237",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/927237"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
            },
            {
              "name": "108073",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108073"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
            },
            {
              "name": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf",
              "refsource": "MISC",
              "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
            },
            {
              "name": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/",
              "refsource": "MISC",
              "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
            },
            {
              "name": "VU#927237",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/927237"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11542",
    "datePublished": "2019-04-26T01:40:33",
    "dateReserved": "2019-04-25T00:00:00",
    "dateUpdated": "2024-08-04T22:55:40.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2019-11542

CVE-2019-11542 (GCVE-0-2019-11542)

Tags

Sightings

Nomenclature