hrbrmstr's assessment of CVE-2019-11510

Description

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Add Assessment

dmelcher5151 (19)

April 15, 2020 4:11pm UTC (4 years ago)•Edited 3 years ago

Ratings

Attacker Value

Very High

Exploitability

Very High

Common in enterprise Easy to weaponize Gives privileged access Unauthenticated Vulnerable in default configuration

Technical Analysis

Can download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.

hrbrmstr (72)

May 12, 2020 7:55pm UTC (4 years ago)

Ratings

Attacker Value

Very High

Exploitability

Very High

Common in enterprise Easy to weaponize Gives privileged access Unauthenticated Vulnerable in default configuration

Technical Analysis

This CVE made it into US-CERT’s “Top 10” bulletin released in May, 2020 – https://www.us-cert.gov/ncas/alerts/aa20-133a / https://web.archive.org/web/20200512161248/https://www.us-cert.gov/ncas/alerts/aa20-133a

Vulnerable Products: Pulse Connect Secure 9.0R1 – 9.0R3.3, 8.3R1 – 8.3R7, 8.2R1 – 8.2R12, 8.1R1 – 8.1R15 and Pulse Policy Secure 9.0R1 – 9.0R3.1, 5.4R1 – 5.4R7, 5.3R1 – 5.3R12, 5.2R1 – 5.2R12, 5.1R1 – 5.1R15
Mitigation: Update affected Pulse Secure devices with the latest security patches.

See More &1 replySee Less

gwillcox-r7 (579) July 28, 2021 3:46pm UTC (3 years ago)

Expanding on this a bit but with https://us-cert.cisa.gov/ncas/alerts/aa21-209a it should be noted that heavy exploitation of this vulnerability was noted by CISA in 2020 by APT groups.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

10.0 Critical

Impact Score:

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Changed

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

ivanti

Products

connect secure 8.2,
connect secure 8.3,
connect secure 9.0

Metasploit Modules

Pulse Secure VPN Arbitrary File Disclosure (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/pulse_secure_file_disclosure.rb)

Exploited in the Wild

Reported by:

AttackerKB Worker

Reported: September 25, 2020 8:39pm UTC (4 years ago)

gwillcox-r7 indicated sources as

Government or Industry Alert (https://us-cert.cisa.gov/ncas/alerts/aa21-209a)
News Article or Blog (https://securelist.com/black-kingdom-ransomware/102873/)
Other: Most Exploited Vulnerabilities 2020 (https://www.ic3.gov/Media/News/2021/210728.pdf)

Reported: June 17, 2021 7:25pm UTC (3 years ago) • Edited 2 years ago

References

Rapid7

Very High

CVE-2019-11510

Very High

Very High

None

None

Network

CVE-2019-11510

Description

Add Assessment

Ratings

Technical Analysis

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Very High

CVE-2019-11510

Very High

Very High

None

None

Network

CVE-2019-11510

Description

Add Assessment

Ratings

Technical Analysis

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification