Published: 26/04/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Pulse Secure Pulse Connect Secure version 9.0RX prior to 9.0R3.4 and 8.3RX prior to 8.3R7.1 and Pulse Policy Secure version 9.0RX prior to 9.0R3.2 and 5.4RX prior to 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.

Vulnerability Trend

Github Repositories

Attacking and defending web and VPN session hijacking in Pulse Secure Connect

Session hijacking in PulseSecure Server Depending on the configuration, all versions are affected including latest release 90R34 See the vendor's response for the gory configuration details Disclaimer Please note that on a fully patched Pulse server this vulnerability is not exploitable by itself and is only useful under very specific circumstances For this exploit to

Pulse-Secure-SSL-VPN-CVE-2019 漏洞编号: CVE-2019-11510——任意文件读取(无需授权) CVE-2019-11542——堆栈缓冲区溢出(管理员权限) CVE-2019-11539——命令注入(管理员权限) CVE-2019-11538——通过NFS读取任意文件(用户权限) CVE-2019-11508——通过NFS写入任意文件(用