6.5
CVSSv2

CVE-2019-11508

Published: 08/05/2019 Updated: 09/08/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

In Pulse Secure Pulse Connect Secure (PCS) prior to 8.1R15.1, 8.2 prior to 8.2R12.1, 8.3 prior to 8.3R7.1, and 9.0 prior to 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.

Vulnerability Trend

Affected Products

Vendor Product Versions
PulsesecurePulse Connect Secure7.1, 7.4, 8.1, 8.2, 8.3, 9.0

Github Repositories

Pulse-Secure-SSL-VPN-CVE-2019 漏洞编号: CVE-2019-11510——任意文件读取(无需授权) CVE-2019-11542——堆栈缓冲区溢出(管理员权限) CVE-2019-11539——命令注入(管理员权限) CVE-2019-11538——通过NFS读取任意文件(用户权限) CVE-2019-11508——通过NFS写入任意文件(用