Trending CVEs for the Week of August 26th, 2019

CVE-2019-11510 – Pulse Secure VPN

Description 

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Affected Versions

  • Pulse Connect Secure 9.0R1 – 9.0R3.3
  • Pulse Connect Secure 8.3R1 – 8.3R7
  • Pulse Connect Secure 8.2R1 – 8.2R12
  • Pulse Connect Secure 8.1R1 – 8.1R15
  • Pulse Policy Secure 9.0R1 – 9.0R3.3
  • Pulse Policy Secure 5.4R1 – 5.4R7
  • Pulse Policy Secure 5.3R1 – 5.3R12
  • Pulse Policy Secure 5.2R1 – 5.2R12
  • Pulse Policy Secure 5.1R1 – 5.1R15

Fixes

Follow the Pulse security advisories to implement patch. There is no workaround for this vulnerability.

References

Pulse Security Advisory