Lucene search

[email protected]NVD:CVE-2019-11538

HistoryApr 26, 2019 - 2:29 a.m.

CVE-2019-11538

2019-04-2602:29:00

CWE-59

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

JSON

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.

Affected configurations

NVD

Node

ivanticonnect_secureMatch8.1r1.0

ivanticonnect_secureMatch8.1r1.1

ivanticonnect_secureMatch8.1r10.0

ivanticonnect_secureMatch8.1r11.0

ivanticonnect_secureMatch8.1r11.1

ivanticonnect_secureMatch8.1r12.0

ivanticonnect_secureMatch8.1r12.1

ivanticonnect_secureMatch8.1r13.0

ivanticonnect_secureMatch8.1r14.0

ivanticonnect_secureMatch8.1r2.0

ivanticonnect_secureMatch8.1r2.1

ivanticonnect_secureMatch8.1r3.0

ivanticonnect_secureMatch8.1r3.1

ivanticonnect_secureMatch8.1r3.2

ivanticonnect_secureMatch8.1r4.0

ivanticonnect_secureMatch8.1r4.1

ivanticonnect_secureMatch8.1r5.0

ivanticonnect_secureMatch8.1r6.0

ivanticonnect_secureMatch8.1r7.0

ivanticonnect_secureMatch8.1r8.0

ivanticonnect_secureMatch8.1r9.0

ivanticonnect_secureMatch8.1r9.1

ivanticonnect_secureMatch8.1r9.2

ivanticonnect_secureMatch8.2r1.0

ivanticonnect_secureMatch8.2r1.1

ivanticonnect_secureMatch8.2r10.0

ivanticonnect_secureMatch8.2r11.0

ivanticonnect_secureMatch8.2r12.0

ivanticonnect_secureMatch8.2r2.0

ivanticonnect_secureMatch8.2r3.0

ivanticonnect_secureMatch8.2r3.1

ivanticonnect_secureMatch8.2r4.0

ivanticonnect_secureMatch8.2r4.1

ivanticonnect_secureMatch8.2r5.0

ivanticonnect_secureMatch8.2r5.1

ivanticonnect_secureMatch8.2r6.0

ivanticonnect_secureMatch8.2r7.0

ivanticonnect_secureMatch8.2r7.1

ivanticonnect_secureMatch8.2r7.2

ivanticonnect_secureMatch8.2r8.0

ivanticonnect_secureMatch8.2r8.1

ivanticonnect_secureMatch8.2r8.2

ivanticonnect_secureMatch8.2r9.0

ivanticonnect_secureMatch8.3r1

ivanticonnect_secureMatch8.3r2

ivanticonnect_secureMatch8.3r2.1

ivanticonnect_secureMatch8.3r3

ivanticonnect_secureMatch8.3r4

ivanticonnect_secureMatch8.3r5

ivanticonnect_secureMatch8.3r5.1

ivanticonnect_secureMatch8.3r5.2

ivanticonnect_secureMatch8.3r6

ivanticonnect_secureMatch8.3r6.1

ivanticonnect_secureMatch9.0r1

ivanticonnect_secureMatch9.0r2

ivanticonnect_secureMatch9.0r2.1

ivanticonnect_secureMatch9.0r3

ivanticonnect_secureMatch9.0r3.1

ivanticonnect_secureMatch9.0r3.2

References

www.securityfocus.com/bid/108073

devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/

i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010

www.kb.cert.org/vuls/id/927237

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

JSON

Related for NVD:CVE-2019-11538

cve1 prion1 cvelist1 hackerone5 myhack581 cert1 nessus1