Unrated severityCISA KEVNVD Advisory· Published Apr 26, 2019· Updated Oct 21, 2025
CVE-2019-11539
CVE-2019-11539
Description
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.kb.cert.org/vuls/id/927237mitrethird-party-advisoryx_refsource_CERT-VN
- packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.htmlmitrex_refsource_MISC
- packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlmitrex_refsource_MISC
- packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlmitrex_refsource_MISC
- www.securityfocus.com/bid/108073mitrevdb-entryx_refsource_BID
- devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/mitrex_refsource_MISC
- i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfmitrex_refsource_MISC
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101mitrex_refsource_CONFIRM
- psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.