Vulnerability Description
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Connect Secure | 8.3 |
| Pulsesecure | Pulse Connect Secure | 8.3rx |
| Pulsesecure | Pulse Policy Secure | 5.4r1 |
References
- http://www.securityfocus.com/bid/108073Third Party AdvisoryVDB Entry
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-SecurExploitThird Party Advisory
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-IntranExploitThird Party Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Third Party AdvisoryVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010Third Party Advisory
- https://www.kb.cert.org/vuls/id/927237Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/108073Third Party AdvisoryVDB Entry
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-SecurExploitThird Party Advisory
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-IntranExploitThird Party Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Third Party AdvisoryVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010Third Party Advisory
- https://www.kb.cert.org/vuls/id/927237Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-11540?
CVE-2019-11540 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote att...
How severe is CVE-2019-11540?
CVE-2019-11540 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-11540?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Connect Secure, Pulsesecure Pulse Connect Secure, Pulsesecure Pulse Policy Secure.