CVE-2019-11510 Scanner
CVE-2019-11510 scanner - Arbitrary File Read vulnerability in Pulse Secure Pulse Connect Secure (PCS)
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
30 seconds
Time Interval
4 weeks
Scan only one
URL
Toolbox
-
Pulse Secure Pulse Connect Secure (PCS) is a virtual private network (VPN) solution that is used to provide secure remote access to corporate networks and resources. It allows employees to work remotely from anywhere and anytime while maintaining the security of the network. Pulse Secure PCS has become a popular choice for businesses as a secure remote access solution due to its ease of installation and configuration.
CVE-2019-11510 is a vulnerability that has been detected in the Pulse Secure Pulse Connect Secure (PCS) product. This vulnerability allows an unauthenticated remote attacker to send a specially crafted URI to perform an arbitrary file reading vulnerability. This vulnerability affects multiple versions of the product, including 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4.
When exploited, the CVE-2019-11510 vulnerability could lead to the compromise of confidential corporate data and resources. The attacker could use this vulnerability to access sensitive information, such as user credentials, intellectual property, and financial data. This could result in financial losses, reputational damage, and legal implications for the affected company.
Thanks to the pro features of the s4e.io platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. The platform offers comprehensive vulnerability scanning and assessment services that help businesses identify and address security vulnerabilities before they can be exploited. These services include automated vulnerability scanning, manual penetration testing, and security consultation from expert security professionals. By leveraging the s4e.io platform, businesses can ensure the security of their digital assets and protect themselves against potential cyber threats.
REFERENCES
- https://kb.pulsesecure.net/?atype=sa
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- securityfocus.com: 108073
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html
- https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
- http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
- lists.apache.org: [guacamole-user] 20190912 Re: [Guacamole hack attack?]
- kb.cert.org: VU#927237
