Unrated severityNVD Advisory· Published May 8, 2019· Updated Aug 4, 2024
CVE-2019-11508
CVE-2019-11508
Description
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Pulse Secure/Pulse Connect Securedescription
- Range: <8.1R15.1 || >=8.2 <8.2R12.1 || >=8.3 <8.3R7.1 || >=9.0 <9.0R3.4
Patches
Vulnerability mechanics
References
7- www.kb.cert.org/vuls/id/927237mitrethird-party-advisoryx_refsource_CERT-VN
- www.securityfocus.com/bid/108073mitrevdb-entryx_refsource_BID
- devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/mitrex_refsource_MISC
- i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfmitrex_refsource_MISC
- kb.pulsesecure.netmitrex_refsource_MISC
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/mitrex_refsource_CONFIRM
- psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.