Risk Scores
CVSS v3.0
8.300000190734863
CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R
EPSS Score
6.52%
91.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| pulsesecure | pulse_policy_secure | 9.0rx, 5.4r6, 5.4r6.1 |
| ivanti | connect_secure | 8.3 |
| pulsesecure | pulse_connect_secure | 9.0r1, 9.0r2, 9.0r2.1 |
Timeline
- CVE Published
- Aug 10, 2019 PoC Published
- Dec 2, 2019 PoC Published
- Jan 20, 2020 PoC Published
- Feb 25, 2021 PoC Published
- Apr 14, 2021 EPSS Score
- Jul 29, 2021 PoC Published
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Jun 18, 2024 PoC Published
- Aug 25, 2024 EPSS Score
References
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 url
- 108073 vdb
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 url
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf url
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/ url
- VU#927237 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-11540 advisory
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study url