cbcvebase.
CVE-2019-11213
published 2019-04-12

CVE-2019-11213: In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain…

PriorityP347high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
EPSS
2.82%
84.8th percentile
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.

Affected

5 ranges
VendorProductVersion rangeFixed in
ivanticonnect_secure>= 9.0r1 < 9.0r39.0r3
pulsesecurepulse_connect_secure8.1r1.0 – 8.1r14.0
pulsesecurepulse_connect_secure>= 8.3r1 < 8.3r78.3r7
pulsesecurepulse_secure_desktop_client>= 5.0r1.0 < 5.3r75.3r7
pulsesecurepulse_secure_desktop_client>= 9.0r1 < 9.0r39.0r3

CVSS provenance

nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.