CVE-2019-11510 Scanner
Detects 'Arbitrary File Read' vulnerability in Pulse Secure Pulse Connect Secure (PCS) affects v. 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4.
Short Info
Level
Critical
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
30 sec
Scan only one
Url
Parent Category
CVE-2019-11510 Scanner Detail
Pulse Secure Pulse Connect Secure (PCS) is a virtual private network (VPN) solution that is used to provide secure remote access to corporate networks and resources. It allows employees to work remotely from anywhere and anytime while maintaining the security of the network. Pulse Secure PCS has become a popular choice for businesses as a secure remote access solution due to its ease of installation and configuration.
CVE-2019-11510 is a vulnerability that has been detected in the Pulse Secure Pulse Connect Secure (PCS) product. This vulnerability allows an unauthenticated remote attacker to send a specially crafted URI to perform an arbitrary file reading vulnerability. This vulnerability affects multiple versions of the product, including 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4.
When exploited, the CVE-2019-11510 vulnerability could lead to the compromise of confidential corporate data and resources. The attacker could use this vulnerability to access sensitive information, such as user credentials, intellectual property, and financial data. This could result in financial losses, reputational damage, and legal implications for the affected company.
Thanks to the pro features of the securityforeveryone.com platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. The platform offers comprehensive vulnerability scanning and assessment services that help businesses identify and address security vulnerabilities before they can be exploited. These services include automated vulnerability scanning, manual penetration testing, and security consultation from expert security professionals. By leveraging the securityforeveryone.com platform, businesses can ensure the security of their digital assets and protect themselves against potential cyber threats.
REFERENCES
- https://kb.pulsesecure.net/?atype=sa
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- securityfocus.com: 108073
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html
- https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
- http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
- lists.apache.org: [guacamole-user] 20190912 Re: [Guacamole hack attack?]
- kb.cert.org: VU#927237
control security posture