CVE-2019-11542
Description
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated attacker can cause a stack buffer overflow on Pulse Secure VPN appliances by sending a crafted message via the admin web interface.
Vulnerability
CVE-2019-11542 is a stack buffer overflow vulnerability in Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) appliances. The flaw resides in the admin web interface, where an authenticated attacker can send a specially crafted message that overflows a stack buffer. Affected versions include PCS 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1; and PPS 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1 [2].
Exploitation
An attacker must have authenticated access to the admin web interface of the vulnerable Pulse Secure appliance. The attacker then sends a specially crafted message to the administrative interface, which triggers a stack buffer overflow [2]. The DEVCORE research team (Orange Tsai and Meh Chang) detailed similar attack chains in their blog post, though the exact sequence for this specific CVE is not further described in available references [1].
Impact
Successful exploitation of this stack buffer overflow can allow an authenticated attacker to achieve remote code execution (RCE) on the affected Pulse Secure appliance. This gives the attacker full control over the VPN server, potentially allowing further compromise of connected clients and internal network resources [1][2].
Mitigation
Pulse Secure released software patches in April 2019 to address this vulnerability. The fixed versions are Pulse Connect Secure 9.0R3.4, 8.3R7.1, 8.2R12.1, and 8.1R15.1; and Pulse Policy Secure 9.0R3.2, 5.4R7.1, 5.3R12.1, 5.2R12.1, and 5.1R15.1 [2]. No viable workarounds exist other than applying the vendor-provided patches. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog at the time of this writing.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <9.0R3.4; <8.3R7.1; <8.2R12.1; <8.1R15.1
- Range: <9.0R3.2; <5.4R7.1; <5.3R12.1; <5.2R12.1; <5.1R15.1
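A version triage check built from the fixed releases listed under Mitigation and Affected products, added here as an example; it is not code from the vendor advisory or from this page's sources. It assumes version strings of the form `<major>.<minor>R<release>[.<patch>]`, compared numerically within one release train, and the host names and inventory are constructed.

```python
import re

# Fixed releases per release train, copied from the advisory text on this page.
FIXED = {
    "PCS": {"9.0": (3, 4), "8.3": (7, 1), "8.2": (12, 1), "8.1": (15, 1)},
    "PPS": {"9.0": (3, 2), "5.4": (7, 1), "5.3": (12, 1),
            "5.2": (12, 1), "5.1": (15, 1)},
}

# Assumed shape: <major>.<minor>R<release>[.<patch>], e.g. "9.0R3.4" or "8.3R7".
VERSION_RE = re.compile(r"^(\d+\.\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Split a version string into (train, (release, patch)) with integer parts."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    train, release, patch = m.groups()
    return train, (int(release), int(patch or 0))


def assess(product, version):
    """Return 'affected', 'fixed' or 'not-listed' for one product/version pair."""
    trains = FIXED[product.upper()]
    train, build = parse_version(version)
    if train not in trains:
        return "not-listed"  # this page says nothing about that release train
    # Integer tuple comparison, so R3.10 sorts after R3.4 (a string compare would not).
    return "affected" if build < trains[train] else "fixed"


# Constructed inventory: (host, product, reported version).
INVENTORY = [
    ("vpn-edge-01", "PCS", "9.0R3.3"),
    ("vpn-edge-02", "PCS", "9.0R3.10"),
    ("vpn-edge-03", "PCS", "8.3R7"),
    ("nac-core-01", "PPS", "9.0R3.2"),
    ("vpn-lab-01", "PCS", "9.1R1"),
    ("vpn-old-01", "PCS", "unknown"),
]


def triage(inventory):
    """Map each host to its status; unparseable versions need a manual look."""
    result = {}
    for host, product, version in inventory:
        try:
            result[host] = assess(product, version)
        except ValueError:
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `not-listed` or `unparsed` are outside what this page covers and need to be checked against the vendor advisory directly.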
References
- www.kb.cert.org/vuls/id/927237 (mitre; third-party-advisory; x_refsource_CERT-VN)
- www.securityfocus.com/bid/108073 (mitre; vdb-entry; x_refsource_BID)
- devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/ (mitre; x_refsource_MISC)
- i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf (mitre; x_refsource_MISC)
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 (mitre; x_refsource_CONFIRM)
- psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 (mitre; x_refsource_CONFIRM)