CVE-2019-11538
Summary
| CVE | CVE-2019-11538 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-26 02:29:00 UTC |
| Updated | 2024-01-13 18:36:00 UTC |
| Description | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device. |
Risk And Classification
Problem Types: CWE-59
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ivanti | Connect Secure | 9.0 | r1 | All | All |
| Application | Ivanti | Connect Secure | 9.0 | r2 | All | All |
| Application | Ivanti | Connect Secure | 9.0 | r2.1 | All | All |
| Application | Ivanti | Connect Secure | 9.0 | r3 | All | All |
| Application | Ivanti | Connect Secure | 9.0 | r3.1 | All | All |
| Application | Ivanti | Connect Secure | 9.0 | r3.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r1.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r1.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r10.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r11.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r11.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r12.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r12.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r13.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r14.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r2.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r2.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r3.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r3.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r3.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r4.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r4.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r5.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r6.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r7.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r8.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r9.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r9.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r9.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r1.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r1.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r10.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r11.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r12.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r2.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r3.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r3.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r4.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r4.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r5.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r5.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r6.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r7.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r7.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r7.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r8.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r8.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r8.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r9.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r2.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r3 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r4 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r5 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r5.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r5.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r6 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r6.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r2.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r3 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r3.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r3.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r1.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r1.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r10.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r11.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r11.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r12.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r12.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r13.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r14.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r2.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r2.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r3.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r3.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r3.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r4.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r4.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r5.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r6.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r7.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r8.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r9.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r9.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.1 | r9.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r1.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r1.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r10.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r11.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r12.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r2.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r3.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r3.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r4.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r4.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r5.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r5.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r6.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r7.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r7.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r7.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r8.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r8.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r8.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.2 | r9.0 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r2.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r3 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r4 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r5 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r5.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r5.2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r6 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 8.3 | r6.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r2 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r2.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r3 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r3.1 | All | All |
| Application | Pulsesecure | Pulse Connect Secure | 9.0 | r3.2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VU#927237 - Multiple vulnerabilities in Pulse Secure VPN | CERT-VN | www.kb.cert.org | |
| Pulse Connect Secure and Pulse Policy Secure Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study! | DEVCORE | MISC | devco.re | |
| i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-L... | MISC | i.blackhat.com | |
| Public KB - SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX | CONFIRM | kb.pulsesecure.net | Vendor Advisory |
| Security Advisory | CONFIRM | psirt.global.sonicwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.