CVE-2019-11539

Name of the Vulnerable Software and Affected Versions Pulse Connect Secure versions 9.0RX prior to 9.0R3.4 Pulse Connect Secure versions 8.3RX prior to 8.3R7.1 Pulse Connect Secure versions 8.2RX prior to 8.2R12.1 Pulse Connect Secure versions 8.1RX prior to 8.1R15.1 Pulse Policy Secure versions 9.0RX prior to 9.0R3.2 Pulse Policy Secure versions 5.4RX prior to 5.4R7.1 Pulse Policy Secure versions 5.3RX prior to 5.3R12.1 Pulse Policy Secure versions 5.2RX prior to 5.2R12.1 Pulse Policy Secure versions 5.1RX prior to 5.1R15.1

Description The issue is related to insufficient input validation in the administrative web interface of Pulse Connect Secure, allowing a remote attacker to execute arbitrary code by sending a specially crafted request. The admin web interface permits an authenticated attacker to inject and execute commands.

Recommendations For Pulse Connect Secure versions 9.0RX prior to 9.0R3.4, update to version 9.0R3.4 or later. For Pulse Connect Secure versions 8.3RX prior to 8.3R7.1, update to version 8.3R7.1 or later. For Pulse Connect Secure versions 8.2RX prior to 8.2R12.1, update to version 8.2R12.1 or later. For Pulse Connect Secure versions 8.1RX prior to 8.1R15.1, update to version 8.1R15.1 or later. For Pulse Policy Secure versions 9.0RX prior to 9.0R3.2, update to version 9.0R3.2 or later. For Pulse Policy Secure versions 5.4RX prior to 5.4R7.1, update to version 5.4R7.1 or later. For Pulse Policy Secure versions 5.3RX prior to 5.3R12.1, update to version 5.3R12.1 or later. For Pulse Policy Secure versions 5.2RX prior to 5.2R12.1, update to version 5.2R12.1 or later. For Pulse Policy Secure versions 5.1RX prior to 5.1R15.1, update to version 5.1R15.1 or later.