CVE-2019-11510
critical-risk
Published 2019-05-08
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
Do I need to act?
!
94.5% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (23)
Third Party Advisory
http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure...
Broken Link
http://www.securityfocus.com/bid/108073
Third Party Advisory
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intran...
Not Applicable
https://kb.pulsesecure.net/?atype=sa
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Third Party Advisory
https://www.kb.cert.org/vuls/id/927237
Third Party Advisory
http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure...
Broken Link
http://www.securityfocus.com/bid/108073
Third Party Advisory
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intran...
Not Applicable
https://kb.pulsesecure.net/?atype=sa
and 3 more references
84
/ 100
critical-risk
Severity
33/34 · Critical
Exploitability
27/34 · High
Exposure
24/34 · High