Vulnerability CVE-2019-11508
Published: 2019-05-08

Description:
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.

Type:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Pulsesecure -> Pulse connect secure 

 References:
https://kb.pulsesecure.net/?atype=sa
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Copyright 2024, cxsecurity.com

 

Back to Top