CVE-2019-11509

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
ivanticonnect_secure
8.1
ivanticonnect_secure
8.1:r1.0
ivanticonnect_secure
8.1:r1.1
ivanticonnect_secure
8.1:r10.0
ivanticonnect_secure
8.1:r11.0
ivanticonnect_secure
8.1:r11.1
ivanticonnect_secure
8.1:r12.0
ivanticonnect_secure
8.1:r12.1
ivanticonnect_secure
8.1:r13.0
ivanticonnect_secure
8.1:r14.0
ivanticonnect_secure
8.1:r2.0
ivanticonnect_secure
8.1:r2.1
ivanticonnect_secure
8.1:r3.1
ivanticonnect_secure
8.1:r3.2
ivanticonnect_secure
8.1:r4.0
ivanticonnect_secure
8.1:r4.1
ivanticonnect_secure
8.1:r5.0
ivanticonnect_secure
8.1:r6.0
ivanticonnect_secure
8.1:r7.0
ivanticonnect_secure
8.1:r8.0
ivanticonnect_secure
8.1:r9.0
ivanticonnect_secure
8.1:r9.1
ivanticonnect_secure
8.1:r9.2
ivanticonnect_secure
8.2:r1.0
ivanticonnect_secure
8.2:r1.1
ivanticonnect_secure
8.2:r10.0
ivanticonnect_secure
8.2:r11.0
ivanticonnect_secure
8.2:r12.0
ivanticonnect_secure
8.2:r2.0
ivanticonnect_secure
8.2:r3.0
ivanticonnect_secure
8.2:r3.1
ivanticonnect_secure
8.2:r4.0
ivanticonnect_secure
8.2:r4.1
ivanticonnect_secure
8.2:r5.0
ivanticonnect_secure
8.2:r5.1
ivanticonnect_secure
8.2:r6.0
ivanticonnect_secure
8.2:r7.0
ivanticonnect_secure
8.2:r7.1
ivanticonnect_secure
8.2:r8.0
ivanticonnect_secure
8.2:r8.1
ivanticonnect_secure
8.2:r8.2
ivanticonnect_secure
8.2:r9.0
ivanticonnect_secure
8.3:r1
ivanticonnect_secure
8.3:r2
ivanticonnect_secure
8.3:r2.1
ivanticonnect_secure
8.3:r3
ivanticonnect_secure
8.3:r4
ivanticonnect_secure
8.3:r5
ivanticonnect_secure
8.3:r5.1
ivanticonnect_secure
8.3:r5.2
ivanticonnect_secure
8.3:r6
ivanticonnect_secure
8.3:r6.1
ivanticonnect_secure
8.3:r7
ivanticonnect_secure
9.0:r1
ivanticonnect_secure
9.0:r2
ivanticonnect_secure
9.0:r2.1
ivanticonnect_secure
9.0:r3
ivanticonnect_secure
9.0:r3.1
ivanticonnect_secure
9.0:r3.2
ivanticonnect_secure
9.0
ivanticonnect_secure
9.0:r1
ivanticonnect_secure
9.0:r2
ivanticonnect_secure
9.0:r2.1
ivanticonnect_secure
9.0:r3
ivanticonnect_secure
9.0:r3.1
ivantipolicy_secure
9.0
ivantipolicy_secure
9.0:r1
ivantipolicy_secure
9.0:r2
ivantipolicy_secure
9.0:r2.1
ivantipolicy_secure
9.0:r3
ivantipolicy_secure
9.0:r3.1
pulsesecurepulse_policy_secure
5.2
pulsesecurepulse_policy_secure
5.2:r1.0
pulsesecurepulse_policy_secure
5.2:r10.0
pulsesecurepulse_policy_secure
5.2:r11.0
pulsesecurepulse_policy_secure
5.2:r2.0
pulsesecurepulse_policy_secure
5.2:r3.0
pulsesecurepulse_policy_secure
5.2:r3.2
pulsesecurepulse_policy_secure
5.2:r4.0
pulsesecurepulse_policy_secure
5.2:r5.0
pulsesecurepulse_policy_secure
5.2:r6.0
pulsesecurepulse_policy_secure
5.2:r7.0
pulsesecurepulse_policy_secure
5.2:r7.1
pulsesecurepulse_policy_secure
5.2:r8.0
pulsesecurepulse_policy_secure
5.2:r9.0
pulsesecurepulse_policy_secure
5.2:r9.1
pulsesecurepulse_policy_secure
5.4
pulsesecurepulse_policy_secure
5.4:r1
pulsesecurepulse_policy_secure
5.4:r2
pulsesecurepulse_policy_secure
5.4:r2.1
pulsesecurepulse_policy_secure
5.4:r3
pulsesecurepulse_policy_secure
5.4:r4
pulsesecurepulse_policy_secure
5.4:r5
pulsesecurepulse_policy_secure
5.4:r5.2
pulsesecurepulse_policy_secure
5.4:r6
pulsesecurepulse_policy_secure
5.4:r6.1
pulsesecurepulse_policy_secure
5.4:r7
𝑥
= Vulnerable software versions
References
https://kb.pulsesecure.net/?atype=sa
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://www.kb.cert.org/vuls/id/927237
https://kb.pulsesecure.net/?atype=sa
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://www.kb.cert.org/vuls/id/927237