CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1CVE-2020-11580
https://notcve.org/view.php?id=CVE-2020-11580
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. Se detectó un problema en Pulse Secure Pulse Connect Secure (PCS) hasta el 06-04-2020. El applet en el archivo tncc.jar, ejecutado en clientes macOS, Linux y Solaris cuando se aplica una política Host Checker, acepta un certificado de tipo SSL arbitrario. • https://git.lsd.cat/g/pulse-host-checker-rce https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 97EXPL: 0CVE-2019-11509
https://notcve.org/view.php?id=CVE-2019-11509
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. En Pulse Secure Pulse Secure Connect (PCS) anterior de la versión 8.1R15.1, 8.2 anterior de la versión 8.2R12.1, 8.3 anterior de la versión 8.3R7.1 y 9.0 anterior de 9.0R3.4 y Pulse Policy Secure (PPS) anterior de la versión 5.1R15.1, 5.2 anterior de la versión 5.2R12.1, 5.3 anterior de la versión 5.3R15.1, 5.4 anterior de la versión 5.4R7.1 y 9.0 ante de la versión 9.0R3.2, un atacante identificado (a través de la interfaz web de administración) puede operar el control de acceso incorrecto para ejecutar código arbitrario en el dispositivo . • https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://www.kb.cert.org/vuls/id/927237 •
CVSS: 8.3EPSS: 0%CPEs: 44EXPL: 0CVE-2019-11543
https://notcve.org/view.php?id=CVE-2019-11543
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. Existe una vulnerabilidad Cross-site scripting (XSS), en la consola web de administración de Pulse Secure Pulse Connect Secure (PCS) versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, y versiones 8.1RX anteriores a 8.1R15.1; Pulse Policy Secure versiones 9.0RX anteriores a 9.0R3.2, versiones 5.4RX anteriores a 5.4R7.1, y versiones 5.2RX anteriores a 5.2R12.1 • http://www.securityfocus.com/bid/108073 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://www.kb.cert.org/vuls/id/927237 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 12%CPEs: 97EXPL: 2CVE-2019-11542
https://notcve.org/view.php?id=CVE-2019-11542
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow. En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, versiones 8.2RX anteriores a 8.2R12.1, y versiones 8.1RX anteriores a 8.1R15.1; Pulse Policy Secure versiones 9.0RX anteriores a 9.0R3.2, versiones 5.4RX anteriores a 5.4R7.1, versiones 5.3RX anteriores a 5.3R12.1, versiones 5.2RX anteriores a 5.2R12.1, y versiones 5.1RX anteriores a 5.1R15.1, un atacante autenticado (a través de la interfaz web de administración) puede enviar un mensaje especialmente diseñado que resulte en un desbordamiento de búfer basado en pila . • http://www.securityfocus.com/bid/108073 https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://www.kb.cert.org/vuls/id/927237 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 96%CPEs: 97EXPL: 6CVE-2019-11539 – Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-11539
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, versiones 8.2RX anteriores a 8.2R12.1, y versiones 8.1RX anteriores a 8.1R15.1; Pulse Policy Secure versiones 9.0RX anteriores a 9.0R3.2, versiones 5.4RX anteriores a 5.4R7.1, versiones 5.3RX anteriores a 5.3R12.1, versiones 5.2RX anteriores a 5.2R12.1, y versiones 5.1RX anteriores a 5.1R15.1, la interfaz web de administración permite a un atacante autenticado inyectar y ejecutar comandos. Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands. • https://www.exploit-db.com/exploits/47354 https://www.exploit-db.com/exploits/47700 https://github.com/0xDezzy/CVE-2019-11539 http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.html http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.html http://www.securityfocus.com/bid/108073 https://devco.re/blog/2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •