CVE-2019-11510

KEV
Published: Mag 08, 2019 Last Modified: Nov 06, 2025
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
HIGH 7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,9438
Percentile
1,0th
Updated

EPSS Score Trend (Last 90 Days)

22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
Exploit

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File …

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)

Author: Alyssa Herrera Published:
View Exploit Code →
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r10.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r1.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r3.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r2.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r8.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r5.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r8.2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r5.2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r9.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r4.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r1.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r11.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 9.0
cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 9.0
cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 9.0
cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 9.0
cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 9.0
cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r7:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r6:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r3.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r6.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r5.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r12.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r4.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r8.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r5.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r6.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 9.0
cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.3
cpe:2.3:a:ivanti:connect_secure:8.3:r4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r7.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 8.2
cpe:2.3:a:ivanti:connect_secure:8.2:r7.0:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Connect Secure by Ivanti

Product Information
Vendor Ivanti
Product Connect Secure
Version 9.0
cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019…
http://packetstormsecurity.com/files/154176/Pulse-Secure-SS…
http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8…
http://packetstormsecurity.com/files/154231/Pulse-Secure-SS…
http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosur…
https://badpackets.net/over-14500-pulse-secure-vpn-endpoint…
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-…
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-t…
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secu…
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltra…
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intra…
https://kb.pulsesecure.net/articles/Pulse_Security_Advisori…
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://kb.pulsesecure.net/?atype=sa
https://kb.pulsesecure.net/?atype=sa
https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a4…
https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d…
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-…
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
https://www.kb.cert.org/vuls/id/927237
https://www.kb.cert.org/vuls/id/927237
http://www.securityfocus.com/bid/108073
http://www.securityfocus.com/bid/108073
http://packetstormsecurity.com/files/154176/Pulse-Secure-SS…
http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8…
http://packetstormsecurity.com/files/154231/Pulse-Secure-SS…
http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosur…
https://badpackets.net/over-14500-pulse-secure-vpn-endpoint…
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-…
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-t…
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secu…
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltra…
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intra…
https://kb.pulsesecure.net/articles/Pulse_Security_Advisori…
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://kb.pulsesecure.net/?atype=sa
https://kb.pulsesecure.net/?atype=sa
https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a4…
https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d…
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-…
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
https://www.kb.cert.org/vuls/id/927237
https://www.kb.cert.org/vuls/id/927237
http://www.securityfocus.com/bid/108073
http://www.securityfocus.com/bid/108073