PT-2019-12191 · Pulse · Pulse Connect Secure, Pulse Desktop Client
Published: 2019-04-12 · Updated: 2024-02-27 · CVE-2019-11213
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Pulse Desktop Client versions 5.x through 5.3R6
Pulse Desktop Client versions 9.x through 9.0R2
Pulse Connect Secure versions 8.1 through 8.1R13
Pulse Connect Secure versions 8.3 through 8.3R6
Pulse Connect Secure versions 9.0 through 9.0R2
Description
An issue allows an attacker to access session tokens, potentially enabling them to replay and spoof sessions, and gain unauthorized access as an end user. The endpoint must already be compromised for exploitation to succeed.
Recommendations
For Pulse Desktop Client versions 5.x through 5.3R6, update to Secure Desktop 5.3R7 or later.
For Pulse Desktop Client versions 9.x through 9.0R2, update to Secure Desktop 9.0R3 or later.
For Pulse Connect Secure versions 8.1 through 8.1R13, update to 8.1R14 or later.
For Pulse Connect Secure versions 8.3 through 8.3R6, update to 8.3R7 or later.
For Pulse Connect Secure versions 9.0 through 9.0R2, update to 9.0R3 or later.
Fix
Session Fixation
Weakness Enumeration
Related Identifiers
Affected Products
Pulse Connect Secure
Pulse Desktop Client