PT-2019-3001 · Pulse Secure · Pulse Connect Secure
Meh Chang +1 · Published 2019-03-22 · Updated 2026-06-15
CVE-2019-11510
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Pulse Secure Pulse Connect Secure (PCS) versions 8.2 through 8.2R12.1
Pulse Secure Pulse Connect Secure (PCS) versions 8.3 through 8.3R7.1
Pulse Secure Pulse Connect Secure (PCS) versions 9.0 through 9.0R3.4
Description
The issue is related to errors in permission handling that allow an unauthenticated remote attacker to send a specially crafted URI and read arbitrary files. This can lead to the disclosure of active users and their plain-text credentials. Over 2,500 Pulse Secure VPN endpoints are potentially affected.
Recommendations
For Pulse Secure Pulse Connect Secure (PCS) versions 8.2 through 8.2R12.1, update to version 8.2R12.1 or later.
For Pulse Secure Pulse Connect Secure (PCS) versions 8.3 through 8.3R7.1, update to version 8.3R7.1 or later.
For Pulse Secure Pulse Connect Secure (PCS) versions 9.0 through 9.0R3.4, update to version 9.0R3.4 or later.
As a temporary workaround, consider restricting access to the vulnerable URI endpoint until a patch is available.
Exploit
Fix
Path traversal
Related Identifiers
Affected Products
Pulse Connect Secure