Vulnerability Description
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Connect Secure | 8.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108073Third Party AdvisoryVDB Entry
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-SecurExploitThird Party Advisory
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-IntranExploitThird Party Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Vendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010Third Party Advisory
- https://www.kb.cert.org/vuls/id/927237Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/108073Third Party AdvisoryVDB Entry
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-SecurExploitThird Party Advisory
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-IntranExploitThird Party Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Vendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010Third Party Advisory
- https://www.kb.cert.org/vuls/id/927237Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-11538?
CVE-2019-11538 is a vulnerability with a CVSS score of 7.7 (HIGH). In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to acces...
How severe is CVE-2019-11538?
CVE-2019-11538 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11538?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Connect Secure.