HomePentest-Tools.com Logo

Pulse Secure - Local File Inclusion (CVE-2019-11510)

Severity
CVSSv3 Score
10
Exploitable with Sniper
Yes
Vulnerability description

Pulse Secure is affected by a Local File Inclusion vulnerability. The root cause is a functionality in the new "HTML5 Access" feature that uses insufficient path validation, allowing an attacker to bypass authentication and access files. This can allow unauthenticated remote attackers to fetch Microsoft Access Database files from the target systems and extract user credentials, private keys and session cookies from those files.

Exploit capabilities

Sniper can read arbitrary files from the target system and extract them as evidence.

Risk description

The risk exists that a remote unauthenticated attacker could exploit this vulnerability and extract administrator user credentials, bruteforce the administrator password and then proceed to compromise the system.

Recommendation

Upgrade the Pulse Secure server to a version greater than 9.0R3.4.

Detectable with
Network Scanner
Vuln date
May 2019
Published at
Updated at
Software Type
VPN gateway
Vendor
Pulse
Product
Connect Secure
Codename
Not available