← voltar
CVE-2019-11508

CVE-2019-11508

CVSS 8.6 HIGHEPSS 15.0%
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.
CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/https://kb.pulsesecure.net/?atype=sahttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010https://www.kb.cert.org/vuls/id/927237http://www.securityfocus.com/bid/108073