cbcvebase.
CVE-2019-11542
published 2019-04-26

CVE-2019-11542: In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy…

PriorityP263high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
66.60%
99.2th percentile
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.

Affected

97 ranges· showing 25
VendorProductVersion rangeFixed in
ivanticonnect_secure
ivanticonnect_secure
ivanticonnect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure
pulsesecurepulse_connect_secure

Detection & IOCsextracted from sources · hover to see the quote

  • Exploitation requires an authenticated attacker sending a specially crafted message via the admin web interface, so monitor for anomalous or unexpected POST/request activity to the Pulse Connect Secure / Pulse Policy Secure admin web interface from authenticated sessions
  • ·Affected Pulse Connect Secure versions: 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, 8.1RX before 8.1R15.1. Affected Pulse Policy Secure versions: 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, 5.1RX before 5.1R15.1. Ensure admin web interface access is restricted to trusted IPs only to reduce attack surface.

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv3.08.0HIGHCVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.