CVE-2019-11539
CVE-2019-11539
In short
An authenticated attacker can inject and execute arbitrary commands through the admin web interface of Pulse Secure products, compromising the entire system. This is a critical flaw because it allows someone with login credentials to take complete control of the device.
Technical detail
CWE-78 command injection vulnerability in the admin web interface of Pulse Connect Secure and Pulse Policy Secure allows authenticated users to execute arbitrary OS commands. The attack vector requires valid administrator credentials and affects multiple product versions prior to specified patch levels; successful exploitation grants complete system compromise.
Summary generated and translated by AI from the official description.
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N
Affected products
n/a · n/apublic PoCs found — 6
githubgithub.com/0xDezzy/CVE-2019-11539★ 132cve_referencepacketstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47354unverifiedexploitdbwww.exploit-db.com/exploits/47700unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlhttp://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlhttps://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11539https://www.kb.cert.org/vuls/id/927237http://www.securityfocus.com/bid/108073