Pulse Secure - Local File Inclusion (CVE-2019-11510)
- Severity
- CVSSv3 Score
- 10
- Exploitable with Sniper
- Yes
- Vulnerability description
Pulse Secure is affected by a Local File Inclusion vulnerability. The root cause is a functionality in the new "HTML5 Access" feature that uses insufficient path validation, allowing an attacker to bypass authentication and access files. This can allow unauthenticated remote attackers to fetch Microsoft Access Database files from the target systems and extract user credentials, private keys and session cookies from those files.
- Exploit capabilities
Sniper can read arbitrary files from the target system and extract them as evidence.
- Risk description
The risk exists that a remote unauthenticated attacker could exploit this vulnerability and extract administrator user credentials, bruteforce the administrator password and then proceed to compromise the system.
- Recommendation
Upgrade the Pulse Secure server to a version greater than 9.0R3.4.
- Detectable with
- Network Scanner
- Vuln date
- May 2019
- Published at
- Updated at
- Software Type
- VPN gateway
- Vendor
- Pulse
- Product
- Connect Secure
- Codename
- Not available
