CVE-2019-11540 — Ivanti Connect Secure vulnerability

6 documents4 sources

Severity

9.8CRITICALNVD

EPSS

6.3%

top 9.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ivanti Connect Secure Pulsesecure Pulse Connect Secure Pulsesecure Pulse Policy Secure

Timeline

PublishedApr 26

Latest updateJun 18

Description

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDpulsesecure/pulse_policy_secure17 versions+16

▶NVDpulsesecure/pulse_connect_secure8 versions+7

▶NVDivanti/connect_secure8.3

🔴Vulnerability Details

GHSA

GHSA-rp2c-496x-gf5c: In Pulse Secure Pulse Connect Secure version 9↗2022-05-24

▶

CVEList

CVE-2019-11540: In Pulse Secure Pulse Connect Secure version 9↗2019-04-26

▶

💬Community

HackerOne

Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███)↗2024-06-18

▶

HackerOne

Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████↗2021-07-29

▶

HackerOne

Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███↗2019-12-02

▶