9.8

CVE-2019-11540

Exploit
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.26% 0.942
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org 8.3 1.6 6
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Third Party Advisory
Vendor Advisory
http://www.securityfocus.com/bid/108073
Third Party Advisory
VDB Entry
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
Third Party Advisory
Exploit
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
Third Party Advisory
Exploit
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Third Party Advisory
https://www.kb.cert.org/vuls/id/927237
Third Party Advisory
US Government Resource