7.5
CVSSv2

CVE-2019-11510

Published: 08/05/2019 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 800
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Pulse Secure Pulse Connect Secure (PCS) 8.2 prior to 8.2R12.1, 8.3 prior to 8.3R7.1, and 9.0 prior to 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Vulnerability Trend

Affected Products

Vendor Product Versions
PulsesecurePulse Connect Secure8.2, 8.3, 9.0

Exploits

# Exploit Title: File disclosure in Pulse Secure SSL VPN (metasploit) # Google Dork: inurl:/dana-na/ filetype:cgi # Date: 8/20/2019 # Exploit Author: 0xDezzy (Justin Wagner), Alyssa Herrera # Vendor Homepage: pulsesecurenet # Version: 81R151, 82 before 82R121, 83 before 83R71, and 90 before 90R34 # Tested on: Linux # CVE : CVE-2 ...

Mailing Lists

This Metasploit module exploits Pulse Secure SSL VPN versions 81R151, 82, 83, and 90 which suffer from an arbitrary file disclosure vulnerability ...

Metasploit Modules

Pulse Secure VPN Arbitrary File Disclosure

This module exploits a pre-auth directory traversal in the Pulse Secure VPN server to dump an arbitrary file. Dumped files are stored in loot. If the "Automatic" action is set, plaintext and hashed credentials, as well as session IDs, will be dumped. Valid sessions can be hijacked by setting the "DSIG" browser cookie to a valid session ID. For the "Manual" action, please specify a file to dump via the "FILE" option. /etc/passwd will be dumped by default. If the "PRINT" option is set, file contents will be printed to the screen, with any unprintable characters replaced by a period. Please see related module exploit/linux/http/pulse_secure_cmd_exec for a post-auth exploit that can leverage the results from this module.

msf > use auxiliary/gather/pulse_secure_file_disclosure
msf auxiliary(pulse_secure_file_disclosure) > show actions
    ...actions...
msf auxiliary(pulse_secure_file_disclosure) > set ACTION < action-name >
msf auxiliary(pulse_secure_file_disclosure) > show options
    ...show and set options...
msf auxiliary(pulse_secure_file_disclosure) > run

Github Repositories

CVE-2019-11510 Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) You can use a single domain, either a list of domains You must include in front of the domain Usage : cat targetlisttxt | bash CVE-2019-11510sh / bash CVE-2019-11510sh -d vpntargetcom/ If you want to just verify the exploit and download /etc/passwd then use : cat targ

CVE-2019-11510 PoC Python script to exploit CVE-2019-11510 and read '/etc/passwd' file Pulse Secure 81R151/82/83/90 SSL VPN - Arbitrary File Disclosure vulnerability

CVE-2019-11510-1 Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) python usage: python CVE-2019-11510py xxxx 参考链接: hackeronecom/reports/591295 githubcom/projectzeroindia/CVE-2019-11510

CVE-2019-11510-poc Pulse Secure SSL VPN pre-auth file reading Reference hackeronecom/reports/591295 githubcom/projectzeroindia/CVE-2019-11510/blob/master/CVE-2019-11510sh packetstormsecuritycom/files/154176/Pulse-Secure-SSL-VPN-81R151-82-83-90-Arbitrary-File-Disclosurehtml

googleporks NEW UPDATE!! CVE-2019-11510 A project to automate google dorks, I've tried it with threads, but google does not like it, and responds with error 428 They're bad people Use googlesearch and terminal_text_color to be cuter pip install google Good people -&gt; (githubcom/MarioVilas/googlesearchgit) pip install terminal_text_color pip install

Recent Articles

US Govt Warns of Attacks on Unpatched Pulse VPN Servers
BleepingComputer • Sergiu Gatlan • 10 Jan 2020

The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability.
This warning follows another alert issued by CISA in October 2019, and others coming from the National Security Agency (NSA), the Canadian Centre for Cyber Security, and UK's National Cyber Security Center (NCSC).
Pulse Secure reported the vulnerabi...

That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time
The Register • Shaun Nichols in San Francisco • 07 Jan 2020

Plug this security bypass... if you can even find the boxes running it

Hackers are taking advantage of unpatched enterprise VPN setups ‒ specifically, a long-known bug in Pulse Secure's code ‒ to spread ransomware and other nasties.
British infosec specialist Kevin Beaumont says a severe hole in Pulse Secure's Zero Trust Remote Access VPN software is being used by miscreants as the entry point for inserting malware attacks.
The vulnerability in question, CVE-2019-11510, was among the bugs patched back in April by an out-of-band update. The flaw is p...

Sodinokibi Ransomware Behind Travelex Fiasco: Report
Threatpost • Tara Seals • 07 Jan 2020

The Sodinokibi ransomware strain is apparently behind the New Year’s Eve attack on foreign currency-exchange giant Travelex, which has left its customers and banking partners stranded without its services.
The criminals behind the attack are demanding a six-figure sum in return for the decryption key, according to reports, and are directing the company to a payment website hosted in Colorado.
“It is just business. We absolutely do not care about you or your details, except gettin...

Sodinokibi Ransomware Hits Travelex, Demands $3 Million
BleepingComputer • Ionut Ilascu • 06 Jan 2020

It's been more than six days since a cyber attack took down the services of the international foreign currency exchange company Travelex and BleepingComputer was able to confirm that the company systems were infected with Sodinokibi ransomware.
The attack occurred on December 31 and affected some Travelex services. This prompted the company to take offline all its computer systems, a precaution meant "to protect data and prevent the spread of the virus."
As a result, customers could ...

APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn
Threatpost • Elizabeth Montalbano • 08 Oct 2019

State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials.
The National Security Agency (NSA) issued a Cybersecurity Advisory Monday about the threats and offered mitigation suggestions, warning that multiple APT actors have weaponized three critical vulnerabilities first published in August–C...