6.5
CVSSv2

CVE-2019-11510

Published: 08/05/2019 Updated: 10/05/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

In Pulse Secure Pulse Connect Secure (PCS) prior to 8.1R15.1, 8.2 prior to 8.2R12.1, 8.3 prior to 8.3R7.1, and 9.0 prior to 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Vulnerability Trend

Affected Products

Vendor Product Versions
PulsesecurePulse Connect Secure7.1, 7.4, 8.1, 8.2, 8.3, 9.0

Exploits

# Exploit Title: File disclosure in Pulse Secure SSL VPN (metasploit) # Google Dork: inurl:/dana-na/ filetype:cgi # Date: 8/20/2019 # Exploit Author: 0xDezzy (Justin Wagner), Alyssa Herrera # Vendor Homepage: pulsesecurenet # Version: 81R151, 82 before 82R121, 83 before 83R71, and 90 before 90R34 # Tested on: Linux # CVE : CVE-2 ...

Mailing Lists

This Metasploit module exploits Pulse Secure SSL VPN versions 81R151, 82, 83, and 90 which suffer from an arbitrary file disclosure vulnerability ...

Github Repositories

CVE-2019-11510 Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) You can use a single domain, either a list of domains You must include in front of the domain Usage : cat targetlisttxt | bash CVE-2019-11510sh / bash CVE-2019-11510sh -d vpntargetcom/ If you want to just verify the exploit and download /etc/passwd then use : cat targ

googleporks NEW UPDATE!! CVE-2019-11510 A project to automate google dorks, I've tried it with threads, but google does not like it, and responds with error 428 They're bad people Use googlesearch and terminal_text_color to be cuter pip install google Good people -> (githubcom/MarioVilas/googlesearchgit) pip install terminal_text_color pip install

CVE-2019-11510-poc Pulse Secure SSL VPN pre-auth file reading Reference hackeronecom/reports/591295 githubcom/projectzeroindia/CVE-2019-11510/blob/master/CVE-2019-11510sh packetstormsecuritycom/files/154176/Pulse-Secure-SSL-VPN-81R151-82-83-90-Arbitrary-File-Disclosurehtml