← Voltar para CVEs
CVE-2019-11540
CRITICAL9.8
Descricao
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/26/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
ivanti:connect_securepulsesecure:pulse_connect_securepulsesecure:pulse_policy_secure
Referencias
http://www.securityfocus.com/bid/108073(cve@mitre.org)
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/(cve@mitre.org)
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf(cve@mitre.org)
https://www.kb.cert.org/vuls/id/927237(cve@mitre.org)
http://www.securityfocus.com/bid/108073(af854a3a-2127-422b-91ae-364da2661108)
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/(af854a3a-2127-422b-91ae-364da2661108)
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101(af854a3a-2127-422b-91ae-364da2661108)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010(af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/927237(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.