CVE-2019-11509
published 2019-06-03

Priority: P2 60 (high) | CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.82% (93.9th percentile)

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.

Affected

7 ranges

Vendor | Product | Version range | Fixed in
ivanti | connect_secure
ivanti | connect_secure
ivanti | connect_secure
ivanti | connect_secure
ivanti | policy_secure
pulsesecure | pulse_policy_secure
pulsesecure | pulse_policy_secure

Detection & IOCs (extracted from sources)

  • Exploit requires authentication via the admin web interface; monitor for authenticated admin sessions followed by unexpected code execution on Pulse Connect Secure or Pulse Policy Secure appliances.
  • Pulse Connect Secure (PCS) versions before 8.1R15.1, 8.2R12.1, 8.3R7.1, and 9.0R3.4 are vulnerable.
  • Pulse Policy Secure (PPS) versions before 5.1R15.1, 5.2R12.1, 5.3R15.1, 5.4R7.1, and 9.0R3.2 are vulnerable.

CVSS provenance

nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P