CVE-2019-11509

Name of the Vulnerable Software and Affected Versions Pulse Connect Secure (PCS) versions 8.1 before 8.1R15.1 Pulse Connect Secure (PCS) versions 8.2 before 8.2R12.1 Pulse Connect Secure (PCS) versions 8.3 before 8.3R7.1 Pulse Connect Secure (PCS) versions 9.0 before 9.0R3.4 Pulse Policy Secure (PPS) versions 5.1 before 5.1R15.1 Pulse Policy Secure (PPS) versions 5.2 before 5.2R12.1 Pulse Policy Secure (PPS) versions 5.3 before 5.3R15.1 Pulse Policy Secure (PPS) versions 5.4 before 5.4R7.1 Pulse Policy Secure (PPS) versions 9.0 before 9.0R3.2

Description An authenticated attacker, via the admin web interface, can exploit Incorrect Access Control to execute arbitrary code on the appliance.

Recommendations For Pulse Connect Secure (PCS) versions 8.1 before 8.1R15.1, update to version 8.1R15.1 or later. For Pulse Connect Secure (PCS) versions 8.2 before 8.2R12.1, update to version 8.2R12.1 or later. For Pulse Connect Secure (PCS) versions 8.3 before 8.3R7.1, update to version 8.3R7.1 or later. For Pulse Connect Secure (PCS) versions 9.0 before 9.0R3.4, update to version 9.0R3.4 or later. For Pulse Policy Secure (PPS) versions 5.1 before 5.1R15.1, update to version 5.1R15.1 or later. For Pulse Policy Secure (PPS) versions 5.2 before 5.2R12.1, update to version 5.2R12.1 or later. For Pulse Policy Secure (PPS) versions 5.3 before 5.3R15.1, update to version 5.3R15.1 or later. For Pulse Policy Secure (PPS) versions 5.4 before 5.4R7.1, update to version 5.4R7.1 or later. For Pulse Policy Secure (PPS) versions 9.0 before 9.0R3.2, update to version 9.0R3.2 or later.