|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-01-17 | |
| Rule Name: | Pulse Connect Secure 'html5acc' Arbitrary File Disclosure Vulnerability (CVE-2019-11510) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Pulse Secure Pulse Connect Secure (also known as PCS, formerly known as Juniper Junos Pulse) is an SSL VPN solution from the American company Pulse Secure. A path traversal vulnerability exists in Pulse Secure PCS versions 9.0RX, 8.3RX and 8.2RX. The vulnerability results from a network system or product that fails to properly filter special elements in resource or file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Others | |
| Reference: | SecurityFocusBID:108073 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/ https://kb.pulsesecure.net/ |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 |