Pulse Secure - Local File Inclusion (CVE-2019-11510)
- Severity
- CVSSv3 Score
- 10
- Vulnerability description
Pulse Secure is affected by a Local File Inclusion vulnerability. The root cause is a functionality in the new "HTML5 Access" feature that uses insufficient path validation, allowing an attacker to bypass authentication and access files. This can allow unauthenticated remote attackers to fetch Microsoft Access Database files from the target systems and extract user credentials, private keys and session cookies from those files.
- Risk description
The risk exists that a remote unauthenticated attacker could exploit this vulnerability and extract administrator user credentials, bruteforce the administrator password and then proceed to compromise the system.
- Exploit capabilities
Sniper can read arbitrary files from the target system and extract them as evidence.
- Recommendation
Upgrade the Pulse Secure server to a version greater than 9.0R3.4.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- May 2019
- Published at
- Updated at
- Software Type
- VPN gateway
- Vendor
- Pulse
- Product
- Connect Secure