CVE-2019-11510
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
AnalysisAI
Pulse Secure Pulse Connect Secure contains a pre-authentication arbitrary file reading vulnerability that allows unauthenticated remote attackers to read any file from the VPN appliance, including cached credentials and session tokens.
Technical ContextAI
The CWE-22 path traversal vulnerability allows unauthenticated requests to read arbitrary files by sending a crafted URI to the VPN web interface. Critical files exposed include /etc/passwd, /etc/shadow (encrypted), and most importantly the session database containing cached AD credentials in plaintext and active VPN session cookies.
Affected ProductsAI
Pulse Secure Pulse Connect Secure 8.2 before 8.2R12.1 Pulse Secure PCS 8.3 before 8.3R7.1 Pulse Secure PCS 9.0 before 9.0R3.4
RemediationAI
Patch immediately. After patching, rotate ALL Active Directory credentials that were cached on the VPN appliance. Revoke all active VPN sessions. Enable MFA for VPN access. Review authentication logs for unauthorized access using stolen credentials.
Same weakness CWE-22 – Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today