VDB
CVE-2019-11538
CVE-2019-11538
PUBLISHED
CVSS 7.699999809265137 HIGH
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.
EPSS 4.21% · 88.9th percentile
Risk Scores
CVSS 3.0
7.699999809265137
CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:C/UI:N
EPSS Score
4.21%
88.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| ivanti | connect_secure | 8.1, 8.1, 8.1 |
Timeline
- CVE Published
- Aug 10, 2019 PoC Published
- Dec 2, 2019 PoC Published
- Feb 25, 2021 PoC Published
- Apr 14, 2021 EPSS Score
- Jul 29, 2021 PoC Published
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Jun 18, 2024 PoC Published
- Mar 17, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
References
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 url
- 108073 vdb
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 url
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf url
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/ url
- VU#927237 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-11538 advisory
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study url