Risk Scores
CVSS v3.0
8
CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N
EPSS Score
93.91%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| pulsesecure | pulse_policy_secure | 5.4rx, 5.4r7, 5.4r6.1 |
| ivanti | connect_secure | 8.3, 8.1, 8.1 |
| ivanti | policy_secure | 9.0, 9.0, 9.0 |
Timeline
- CVE Published
- Aug 10, 2019 PoC Published
- Sep 6, 2019 PoC Published
- Nov 12, 2019 PoC Published
- Nov 13, 2019 PoC Published
- Nov 20, 2019 PoC Published
- Dec 2, 2019 PoC Published
- May 7, 2020 PoC Published
- Sep 16, 2020 PoC Published
- Feb 25, 2021 PoC Published
- Apr 7, 2021 PoC Published
- Apr 14, 2021 EPSS Score
References
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 url
- 108073 vdb
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 url
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf url
- http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html url
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/ url
- VU#927237 third-party-advisory
- http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.html url
- http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.html url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11539 url
- https://nvd.nist.gov/vuln/detail/CVE-2019-11539 advisory
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study url