Detections
Analytics
CVE-2019-11539
high
Description
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
References
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.tenable.com/blog/hold-the-door-why-organizations-need-to-prioritize-patching-ssl-vpns
https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective
https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-259a
https://www.kb.cert.org/vuls/id/927237
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
http://www.securityfocus.com/bid/108073
http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.html
http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.html