Vulnerability CVE-2019-11539


Published: 2019-04-25   Modified: 2019-04-26

Description:
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.

See advisories in our WLB2 database:
Topic
Author
Date
High
Pulse Secure Post-Auth Remote Code Execution
Alyssa Herrera, ...
08.09.2019

Type:

CWE-77

(Improper Neutralization of Special Elements used in a Command ('Command Injection'))

Vendor: Pulsesecure
Product: Pulse policy secure 
Version:
9.0rx
9.0r3.1
9.0r3
9.0r2.1
9.0r2
9.0r1
5.4rx
5.4r7
5.4r6.1
5.4r6
5.4r5.2
5.4r5
5.4r4
5.4r3
5.4r2.1
5.4r2
5.4r1
5.3rx
5.3r9.0
5.3r8.2
5.3r8.1
5.3r8.0
5.3r7.0
5.3r6.0
5.3r5.2
5.3r5.1
5.3r5.0
5.3r4.1
5.3r4.0
5.3r3.1
5.3r3.0
5.3r2.0
5.3r12.0
5.3r11.0
5.3r10.
5.3r1.1
5.3r1.0
See more versions on NVD
Product: Pulse connect secure 
Version:
9.0rx
9.0r3.2
9.0r3.1
9.0r3
9.0r2.1
9.0r2
9.0r1
8.3rx
8.3r7
8.3r6.1
8.3r6
8.3r5.2
8.3r5.1
8.3r5
8.3r4
8.3r3
8.3r2.1
8.3r2
8.3r1
8.2rx
8.2r9.0
8.2r8.2
8.2r8.1
8.2r8.0
8.2r7.2
8.2r7.1
8.2r7.0
8.2r6.0
8.2r5.1
8.2r5.0
8.2r4.1
8.2r4.0
8.2r3.1
8.2r3.0
8.2r2.0
8.2r12.0
8.2r11.0
8.2r10.0
8.2r1.1
8.2r1.0
8.1r9.2
8.1r9.1
8.1r9.0
8.1r8.0
8.1r7.0
8.1r6.0
8.1r5.0
8.1r4.1
8.1r4.0
8.1r3.2
8.1r3.1
8.1r3.0
8.1r2.1
8.1r2.0
8.1r14.0
8.1r13.0
8.1r12.1
8.1r12.0
8.1r11.1
8.1r11.0
8.1r10.0
8.1r1.1
8.1r1.0
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/108073
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010

Related CVE
CVE-2018-20814
An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.
CVE-2018-20813
An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2.
CVE-2018-20812
An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoin...
CVE-2018-20811
A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12.
CVE-2018-20810
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX...
CVE-2018-20809
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
CVE-2018-20808
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
CVE-2018-20807
An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.

Copyright 2019, cxsecurity.com

 

Back to Top