CVE-2019-11542
PUBLISHED
CVSS 8 HIGH
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.
EPSS 34.67% · 97.1th percentile
Risk Scores
- CVSS v3.0: 8 (CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N)
- EPSS Score: 34.67% (97.1th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ivanti | connect_secure | 8.2, 8.3, 8.1 |
| pulsesecure | pulse_connect_secure | 8.2r2.0, 8.2r3.0, 8.2r3.1 |
| pulsesecure | pulse_policy_secure | 5.2r8.0, 5.2r9.0, 5.2r9.1 |
| n/a | n/a | n/a |
Timeline
- CVE Published
- Aug 10, 2019 PoC Published
- Dec 2, 2019 PoC Published
- Feb 25, 2021 PoC Published
- Apr 14, 2021 EPSS Score
- Jul 29, 2021 PoC Published
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Mar 25, 2023 EPSS Score
- Jul 8, 2023 EPSS Score
- Aug 19, 2023 EPSS Score
- Jun 18, 2024 PoC Published
References
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 url
- 108073 vdb
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 url
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf url
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/ url
- VU#927237 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-11542 advisory
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study url