CVE-2019-11539
critical-risk
Published 2019-04-26
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
Do I need to act?
!
93.9% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (19)
Third Party Advisory
http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SS...
Third Party Advisory
http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-E...
Broken Link
http://www.securityfocus.com/bid/108073
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Third Party Advisory
https://www.kb.cert.org/vuls/id/927237
Third Party Advisory
http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SS...
Third Party Advisory
http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-E...
Broken Link
http://www.securityfocus.com/bid/108073
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Third Party Advisory
https://www.kb.cert.org/vuls/id/927237
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-...
92
/ 100
critical-risk
Severity
26/34 · High
Exploitability
34/34 · Critical
Exposure
32/34 · Critical