Other official information and services: www.belgium.be

Vulnerability in Pulse Secure: Pulse Connect Secure (PCS)

Reference:

Advisory #2019-020

Version:

1.0

Affected software:

Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4.

Type:

arbitrary file reading vulnerability

CVE/CVSS:

CVE: 2019-11510

CVE Score: 8.8 (CVSS 3.0), 6.5 (CVSS 2.0)

Date:

27/08/2019

Sources

https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/

https://arstechnica.com/information-technology/2019/08/hackers-are-actively-trying-to-steal-passwords-from-two-widely-used-vpns/

Risks

This arbitrary file reading vulnerability (CVE-2019-11510) allows sensitive information disclosure enabling unauthenticated attackers to access private keys and user passwords.

Description

Hackers are actively unleashing attacks that attempt to steal encryption keys, passwords, and other sensitive data from vulnerable Pulse Secure VPN servers. The vulnerabilities can be exploited by sending unpatched servers Web requests that contain a special sequence of characters. This would then give the ability to an attacker to access private keys and user passwords.

Further exploitation using the leaked credentials can lead to remote command injection (CVE-2019-11539) and allow attackers to gain access inside the private VPN network.

Recommended Actions

CERT.be recommends all System administrators to upgrade their vulnerable Pulse Secure instances to version 9.1R1 and above.

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/