← Back to CVEs
CVE-2019-11540
CRITICAL9.8
Description
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published4/26/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
ivanti:connect_securepulsesecure:pulse_connect_securepulsesecure:pulse_policy_secure
References
http://www.securityfocus.com/bid/108073(cve@mitre.org)
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/(cve@mitre.org)
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf(cve@mitre.org)
https://www.kb.cert.org/vuls/id/927237(cve@mitre.org)
http://www.securityfocus.com/bid/108073(af854a3a-2127-422b-91ae-364da2661108)
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/(af854a3a-2127-422b-91ae-364da2661108)
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101(af854a3a-2127-422b-91ae-364da2661108)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010(af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/927237(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.