ID KITPLOIT:4421457840699592233Type kitploitReporter KitPloitModified 2021-12-01T20:30:00
Description
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
With ShonyDanza, you can:
Obtain IPs based on search criteria
Automatically exclude honeypots from the results based on your pre-configured thresholds
Pre-configure all IP searches to filter on your specified net range(s)
Pre-configure search limits
Use build-a-search to craft searches with easy building blocks
Use stock searches and pre-configure your own stock searches
Check if IPs are known malware C2s
Get host and domain profiles
Scan on-demand
Find exploits
Get total counts for searches and exploits
Automatically save exploit code, IP lists, host profiles, domain profiles, and scan results to directories within ShonyDanza
Installation
git clone https://github.com/fierceoj/ShonyDanza.git
> Requirements
cd ShonyDanza pip3 install -r requirements.txt
Usage
> Edit config.py to include your desired configurations cd configs sudo nano config.py
#config file for shonydanza searches
#REQUIRED
#maximum number of results that will be returned per search
#default is 100
SEARCH_LIMIT = 100
#REQUIRED
#IPs exceeding the honeyscore limit will not show up in IP results
#scale is 0.0 to 1.0
#adjust to desired probability to restrict results by threshold, or keep at 1.0 to include all results
HONEYSCORE_LIMIT = 1.0
#REQUIRED - at least one key: value pair
#add a shodan dork to the dictionary below to add it to your shonydanza stock searches menu
#see https://github.com/jakejarvis/awesome-shodan-queries for a great source of queries
#check into "vuln:" filter if you have Small Business Plan or higher (e.g., vuln:cve-2019-11510)
STOCK_SEARCHES = {
'ANONYMOUS_FTP':'ftp anonymous ok',
'RDP':'port:3389 has_screenshot:true',
'OPEN_TELNET':'port:23 console gateway -password',
'APACHE_DIR_LIST':'http.title:"Index of / "',
'SPRING_BOOT':'http.favicon.hash:116323821',
'HP_PRINTERS':'"Serial Number:" "Built:" "Server: HP HTTP"',
'DOCKER_API':'"Docker Containers:" port:2375',
'ANDROID_ROOT_BRIDGE':'"Android Debug Bridge" "Device" port:5555',
'MONGO_EXPRESS_GUI':'"Set-Cookie: mongo-express=" "200 OK"',
'CVE-2019-11510_PULSE_VPN':'http.html:/dana-na/',
'CVE-2019-19781_CITRIX_NETSCALER':'http.waf:"Citrix NetScaler"',
'CVE-2020-5902_F5_BIGIP':'http.favicon.hash:-335242539 "3992"',
'CVE-2020-3452_CISCO_ASA_FTD':'200 "Set-Cookie: webvpn;"'
}
#OPTIONAL
#IP or cidr range constraint for searches that return list of IP addresses
#use comma-separated list to designate multiple (e.g. 1.1.1.1,2.2.0.0/16,3.3.3.3,3.3.3.4)
#NET_RANGE = '0.0.0.0/0'
> Run cd ../ python3 shonydanza.py
See this how-to article for additional usage instruction.
Legal Disclaimer
This project is made for educational and ethical testing purposes only. Usage of ShonyDanza for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
Download ShonyDanza
{"id": "KITPLOIT:4421457840699592233", "vendorId": null, "type": "kitploit", "bulletinFamily": "tools", "title": "ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan", "description": "[  ](<https://3.bp.blogspot.com/-HfvtRTCYnTM/YZ3QJbhSs3I/AAAAAAAA4AU/kC3BBy581dgTiAKCIDOlmGtohgCXuQhlgCK4BGAYYCw/s1600/ShonyDanza_1_shonydanza_demo-780791.gif>)\n\n \n\n\nA customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan. \n\n \n\n\nWith ShonyDanza, you can: \n\n * Obtain IPs based on search criteria \n * Automatically exclude honeypots from the results based on your pre-configured thresholds \n * Pre-configure all IP searches to filter on your specified net range(s) \n * Pre-configure search limits \n * Use build-a-search to craft searches with easy building blocks \n * Use stock searches and pre-configure your own stock searches \n * Check if IPs are known [ malware ](<https://www.kitploit.com/search/label/Malware> \"malware\" ) C2s \n * Get host and domain profiles \n * Scan on-demand \n * Find exploits \n * Get total counts for searches and exploits \n * Automatically save exploit code, IP lists, host profiles, domain profiles, and scan results to directories within ShonyDanza \n\n## Installation \n\n` git clone https://github.com/fierceoj/ShonyDanza.git ` \n\n\n> Requirements \n\n * python3 \n * shodan library \n\n` cd ShonyDanza ` \n` pip3 install -r requirements.txt `\n\n## Usage \n\n> Edit config.py to include your desired configurations \n` cd configs ` \n` sudo nano config.py ` \n\n \n \n #config file for shonydanza searches \n \n #REQUIRED \n #maximum number of results that will be returned per search \n #default is 100 \n \n SEARCH_LIMIT = 100 \n \n \n #REQUIRED \n #IPs exceeding the honeyscore limit will not show up in IP results \n #scale is 0.0 to 1.0 \n #adjust to desired probability to restrict results by threshold, or keep at 1.0 to include all results \n \n HONEYSCORE_LIMIT = 1.0 \n \n \n #REQUIRED - at least one key: value pair \n #add a shodan dork to the dictionary below to add it to your shonydanza stock searches menu \n #see https://github.com/jakejarvis/awesome-shodan-queries for a great source of queries \n #check into \"vuln:\" filter if you have Small Business Plan or higher (e.g., vuln:cve-2019-11510) \n \n STOCK_SEARCHES = { \n 'ANONYMOUS_FTP':'ftp anonymous ok', \n 'RDP':'port:3389 has_screenshot:true', \n 'OPEN_TELNET':'port:23 console gateway -password', \n 'APACHE_DIR_LIST':'http.title:\"Index of / \"', \n 'SPRING_BOOT':'http.favicon.hash:116323821', \n 'HP_PRINTERS':'\"Serial Number:\" \"Built:\" \"Server: HP HTTP\"', \n 'DOCKER_API':'\"Docker Containers:\" port:2375', \n 'ANDROID_ROOT_BRIDGE':'\"Android Debug Bridge\" \"Device\" port:5555', \n 'MONGO_EXPRESS_GUI':'\"Set-Cookie: mongo-express=\" \"200 OK\"', \n 'CVE-2019-11510_PULSE_VPN':'http.html:/dana-na/', \n 'CVE-2019-19781_CITRIX_NETSCALER':'http.waf:\"Citrix NetScaler\"', \n 'CVE-2020-5902_F5_BIGIP':'http.favicon.hash:-335242539 \"3992\"', \n 'CVE-2020-3452_CISCO_ASA_FTD':'200 \"Set-Cookie: webvpn;\"' \n } \n \n \n #OPTIONAL \n #IP or cidr range constraint for searches that return list of IP addresses \n #use comma-separated list to designate multiple (e.g. 1.1.1.1,2.2.0.0/16,3.3.3.3,3.3.3.4) \n \n #NET_RANGE = '0.0.0.0/0' \n \n\n> Run \n` cd ../ ` \n` python3 shonydanza.py ` \n\n\nSee this [ how-to article ](<https://null-byte.wonderhowto.com/forum/to-use-shonydanza-find-target-and-exploit-0318883/> \"how-to article\" ) for additional usage instruction. \n\n## Legal Disclaimer \n\nThis project is made for educational and ethical [ testing ](<https://www.kitploit.com/search/label/Testing> \"testing\" ) purposes only. Usage of ShonyDanza for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. \n\n \n \n\n\n** [ Download ShonyDanza ](<https://github.com/fierceoj/ShonyDanza> \"Download ShonyDanza\" ) **\n", "published": "2021-12-01T20:30:00", "modified": "2021-12-01T20:30:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "http://www.kitploit.com/2021/12/shonydanza-customizable-easy-to.html", "reporter": "KitPloit", "references": ["https://github.com/fierceoj/ShonyDanza"], "cvelist": ["CVE-2019-11510", "CVE-2019-19781", "CVE-2020-3452", "CVE-2020-5902"], "immutableFields": [], "lastseen": "2022-01-11T13:16:12", "viewCount": 42, "enchantments": {"dependencies": {"references": [{"type": "kitploit", "idList": ["KITPLOIT:4707889613618662864"]}, {"type": "attackerkb", "idList": ["AKB:63A96584-6094-4433-8AE0-1C1CD1B1C345", "AKB:E88B8795-0434-4AC5-B3D5-7E3DAB8A60C1", "AKB:AFC76977-D355-470D-A7F6-FEF7A8352B65", "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD"]}, {"type": "cve", "idList": ["CVE-2020-3452", "CVE-2020-5902", "CVE-2019-11510", "CVE-2019-19781"]}, {"type": "threatpost", "idList": ["THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-1097", "CPAI-2020-0628", "CPAI-2020-0710", "CPAI-2019-1653"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "CISCO-SA-ASAFTD-RO-PATH-KJUQHB86-ASA.NASL", "CISCO-SA-ASAFTD-RO-PATH-KJUQHB86_DIRECT.NASL", "CISCO-SA-ASAFTD-RO-PATH-KJUQHB86-FTD.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "F5_CVE-2020-5902.NASL"]}, {"type": "symantec", "idList": ["SMNTC-111238"]}, {"type": "hackerone", "idList": ["H1:951508", "H1:959679", "H1:671749", "H1:943717", "H1:960082", "H1:1137321", "H1:962908", "H1:680480", "H1:1257100", "H1:951530", "H1:1023792", "H1:949560"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:66E92B63FC165BEAF707A9D6B2807033", "QUALYSBLOG:82E24C28622F0C96140EDD88C6BD8F54"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C", "CISA:134C272F26FB005321448C648224EB02", "CISA:3219D2E89DB1680D9EF6F22691FC5829"]}, {"type": "citrix", "idList": ["CTX267027"]}, {"type": "githubexploit", "idList": ["4FD04BD1-692B-5EE7-B79B-19C98E9C3B32", "1C799A66-9A29-5A67-B2E3-41F3AE216A0E", "00B8023B-5D2D-5FF7-9F9E-C773ACF38386", "F9A613C5-972B-544D-A63C-E3E9A3F88340", "E6138420-77EE-5F9C-A97D-2A839DEB4073", "52814444-4FCC-517B-B4B3-6DC5C4A27AA6", "C63DDE2A-5910-5413-9A56-03799666EA88", "62891769-2887-58A7-A603-BCD5E6A6D6F9", "C467EA51-59B6-5BEB-A634-62EFC2DC4419", "059DC199-E425-50EE-B5F5-E351E0323E69", "DC044D23-6D59-5326-AB78-94633F024A74", "77912E98-768B-5AF5-AE06-1F42C6D88F72", "7D3B30C9-3802-5443-A342-4E4E6F6237AC", "31DB22CD-3492-524F-9D26-035FC1086A71", "765DCAD5-2789-5451-BBFA-FAD691719F7A", "9F6806F4-97B7-5885-AE3E-250F6127D80C", "76A6F282-B5BA-5D47-AA07-B2415C9E3BFB", "6D3B65B1-5E34-58B2-96A9-9E47575E070D", "BBEEB41B-D67F-54B6-BA27-1956F83AAAC5", "1A3E21B6-FA92-54E8-9E68-C428AED33899", "1A8487C7-CACB-5328-9E37-41E9F4DF336F", "DF54BC36-EFA5-5EC6-9E17-01ECF18FD53C", "B042A63E-E661-5B8E-9AA1-F0DEE4C18402", "486B7BFA-C5C7-5FA9-AF20-76F859ABFD6D"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:6F67E97EF55C748CBFEE482E85D4751A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:3981EF309A794B1CC15F5BBC6C2B181B"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:6ECB9DE9A2D8D714DB50F19BAF7BF3D4", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:155904", "PACKETSTORM:155905", "PACKETSTORM:158647", "PACKETSTORM:154176", "PACKETSTORM:160497", "PACKETSTORM:159523", "PACKETSTORM:155930", "PACKETSTORM:155972"]}, {"type": "zdt", "idList": ["1337DAY-ID-34760", "1337DAY-ID-33140", "1337DAY-ID-33806", "1337DAY-ID-33824"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/CITRIX_DIR_TRAVERSAL", "MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "cisco", "idList": ["CISCO-SA-ASAFTD-RO-PATH-KJUQHB86"]}, {"type": "canvas", "idList": ["NETSCALER_TRAVERSAL_RCE"]}], "modified": "2022-01-11T13:16:12", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2022-01-11T13:16:12", "rev": 2}, "vulnersScore": 4.7}, "toolHref": "https://github.com/fierceoj/ShonyDanza"}
{"attackerkb": [{"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "d99efc4970050469871181ce5487c968", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2022-01-18T20:32:38", "history": [{"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "95375fa575a28c6c706ab3de6b469cd6", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2020-07-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://kb.pulsesecure.net?atype=sa", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "http://www.securityfocus.com/bid/108073", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study", "https://www.kb.cert.org/vuls/id/927237", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510"], "cvelist": ["CVE-2015-8878", "CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-02-25T12:22:16", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-02-25T12:22:16", "references": [{"idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"], "type": "qualysblog"}, {"idList": ["OPENVAS:1361412562310808612", "OPENVAS:1361412562310808613"], "type": "openvas"}, {"idList": ["PACKETSTORM:154176"], "type": "packetstorm"}, {"idList": ["H1:671749", "H1:680480", "H1:678496", "H1:671857", "H1:591295"], "type": "hackerone"}, {"idList": ["1337DAY-ID-33140"], "type": "zdt"}, {"idList": ["VU:927237"], "type": "cert"}, {"idList": ["CVE-2015-8878", "CVE-2019-11510"], "type": "cve"}, {"idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"], "type": "malwarebytes"}, {"idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD"], "type": "securelist"}, {"idList": ["THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"], "type": "threatpost"}, {"idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"], "type": "mssecure"}, {"idList": ["EDB-ID:47297"], "type": "exploitdb"}, {"idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"], "type": "attackerkb"}, {"idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "DEBIAN_DLA-499.NASL"], "type": "nessus"}, {"idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"], "type": "metasploit"}, {"idList": ["MYHACK58:62201995674"], "type": "myhack58"}, {"idList": ["E-688"], "type": "dsquare"}, {"idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"], "type": "impervablog"}, {"idList": ["DEBIAN:DLA-499-1:7BEC5"], "type": "debian"}, {"idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"], "type": "exploitpack"}, {"idList": ["THN:46994B7A671ED65AD9975F25F514C6E3", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:E9454DED855ABE5718E4612A2A750A98"], "type": "thn"}], "rev": 2}, "score": {"modified": "2021-02-25T12:22:16", "rev": 2, "value": 6.2, "vector": "NONE"}}, "objectVersion": "1.4", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {}, "wildExploitedReports": [], "references_categories": {}, "tags": [], "mitre_vector": {}, "last_activity": null}, "lastseen": "2021-02-25T12:22:16", "differentElements": ["cvelist", "references_categories"], "edition": 1}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "fc31ab4bfe25769e545d63035122432c", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2020-07-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://kb.pulsesecure.net?atype=sa", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "http://www.securityfocus.com/bid/108073", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study", "https://www.kb.cert.org/vuls/id/927237", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-05-06T15:17:47", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-05-06T15:17:47", "references": [{"idList": ["THN:46994B7A671ED65AD9975F25F514C6E3", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:E9454DED855ABE5718E4612A2A750A98"], "type": "thn"}, {"idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"], "type": "qualysblog"}, {"idList": ["PACKETSTORM:154176"], "type": "packetstorm"}, {"idList": ["H1:671749", "H1:680480", "H1:678496", "H1:671857", "H1:591295"], "type": "hackerone"}, {"idList": ["1337DAY-ID-33140"], "type": "zdt"}, {"idList": ["VU:927237"], "type": "cert"}, {"idList": ["CVE-2019-11510"], "type": "cve"}, {"idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"], "type": "securelist"}, {"idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"], "type": "mssecure"}, {"idList": ["MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"], "type": "malwarebytes"}, {"idList": ["EDB-ID:47297"], "type": "exploitdb"}, {"idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"], "type": "attackerkb"}, {"idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"], "type": "metasploit"}, {"idList": ["MYHACK58:62201995674"], "type": "myhack58"}, {"idList": ["E-688"], "type": "dsquare"}, {"idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"], "type": "rapid7blog"}, {"idList": ["THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648"], "type": "threatpost"}, {"idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"], "type": "impervablog"}, {"idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"], "type": "nessus"}, {"idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"], "type": "cisa"}, {"idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"], "type": "exploitpack"}], "rev": 2}, "score": {"modified": "2021-05-06T15:17:47", "rev": 2, "value": 6.2, "vector": "NONE"}}, "objectVersion": "1.5", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {}, "wildExploitedReports": [], "references_categories": {"Advisory": ["https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://www.kb.cert.org/vuls/id/927237", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"], "Canonical": ["http://www.securityfocus.com/bid/108073", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510"], "Miscellaneous": ["http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://kb.pulsesecure.net?atype=sa", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510"]}, "tags": [], "mitre_vector": {}, "last_activity": null}, "lastseen": "2021-05-06T15:17:47", "differentElements": ["last_activity", "tags", "wildExploitedCategory"], "edition": 2}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "222ea70cc6694159b610a1b227393e99", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2020-07-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://kb.pulsesecure.net?atype=sa", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "http://www.securityfocus.com/bid/108073", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study", "https://www.kb.cert.org/vuls/id/927237", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-07-01T15:34:27", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-07-01T15:34:27", "references": [{"idList": ["THN:46994B7A671ED65AD9975F25F514C6E3", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:E9454DED855ABE5718E4612A2A750A98"], "type": "thn"}, {"idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"], "type": "qualysblog"}, {"idList": ["PACKETSTORM:154176"], "type": "packetstorm"}, {"idList": ["H1:671749", "H1:680480", "H1:678496", "H1:671857", "H1:591295"], "type": "hackerone"}, {"idList": ["1337DAY-ID-33140"], "type": "zdt"}, {"idList": ["VU:927237"], "type": "cert"}, {"idList": ["CVE-2019-11510"], "type": "cve"}, {"idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"], "type": "securelist"}, {"idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"], "type": "mssecure"}, {"idList": ["EDB-ID:47297"], "type": "exploitdb"}, {"idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"], "type": "attackerkb"}, {"idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"], "type": "metasploit"}, {"idList": ["MYHACK58:62201995674"], "type": "myhack58"}, {"idList": ["E-688"], "type": "dsquare"}, {"idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"], "type": "rapid7blog"}, {"idList": ["THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648"], "type": "threatpost"}, {"idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"], "type": "impervablog"}, {"idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"], "type": "nessus"}, {"idList": ["MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"], "type": "malwarebytes"}, {"idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"], "type": "cisa"}, {"idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"], "type": "exploitpack"}], "rev": 2}, "score": {"modified": "2021-07-01T15:34:27", "rev": 2, "value": 6.2, "vector": "NONE"}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"News Article or Blog": ""}, "wildExploitedReports": [], "references_categories": {"Advisory": ["https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://www.kb.cert.org/vuls/id/927237", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"], "Canonical": ["http://www.securityfocus.com/bid/108073", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510"], "Miscellaneous": ["http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://kb.pulsesecure.net?atype=sa", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510"]}, "tags": ["easy_to_develop", "high_privilege_access", "default_configuration", "common_enterprise", "pre_auth"], "mitre_vector": {}, "last_activity": "2000-01-01T10:00:00"}, "lastseen": "2021-07-01T15:34:27", "differentElements": ["description", "last_activity", "wildExploitedReports"], "edition": 3}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "e366fabba9597092d195b9626de1a901", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2020-07-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://kb.pulsesecure.net?atype=sa", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "http://www.securityfocus.com/bid/108073", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study", "https://www.kb.cert.org/vuls/id/927237", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-07-20T20:11:26", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-07-20T20:11:26", "references": [{"idList": ["THN:46994B7A671ED65AD9975F25F514C6E3", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:E9454DED855ABE5718E4612A2A750A98"], "type": "thn"}, {"idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"], "type": "qualysblog"}, {"idList": ["PACKETSTORM:154176"], "type": "packetstorm"}, {"idList": ["H1:671749", "H1:680480", "H1:678496", "H1:671857", "H1:591295"], "type": "hackerone"}, {"idList": ["1337DAY-ID-33140"], "type": "zdt"}, {"idList": ["VU:927237"], "type": "cert"}, {"idList": ["CVE-2019-11510"], "type": "cve"}, {"idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"], "type": "securelist"}, {"idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"], "type": "mssecure"}, {"idList": ["EDB-ID:47297"], "type": "exploitdb"}, {"idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"], "type": "attackerkb"}, {"idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"], "type": "metasploit"}, {"idList": ["MYHACK58:62201995674"], "type": "myhack58"}, {"idList": ["E-688"], "type": "dsquare"}, {"idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"], "type": "rapid7blog"}, {"idList": ["THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648"], "type": "threatpost"}, {"idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"], "type": "impervablog"}, {"idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"], "type": "nessus"}, {"idList": ["MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"], "type": "malwarebytes"}, {"idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"], "type": "cisa"}, {"idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"], "type": "exploitpack"}], "rev": 2}, "score": {"modified": "2021-07-20T20:11:26", "rev": 2, "value": 6.6, "vector": "NONE"}}, "objectVersion": "1.5", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"News Article or Blog": ""}, "wildExploitedReports": [{"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Advisory": ["https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://www.kb.cert.org/vuls/id/927237", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"], "Canonical": ["http://www.securityfocus.com/bid/108073", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510"], "Miscellaneous": ["http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://kb.pulsesecure.net?atype=sa", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510"]}, "tags": ["easy_to_develop", "high_privilege_access", "default_configuration", "common_enterprise", "pre_auth"], "mitre_vector": {}, "last_activity": "2021-06-17T19:25:00"}, "lastseen": "2021-07-20T20:11:26", "differentElements": ["cvss2", "cvss3", "last_activity", "modified"], "edition": 4}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "ac2872e35b9b488eb21e7ecb45527364e7032cf06d1aa824d0bd3e9ffc1f8e55", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-07-27T21:13:03", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"modified": "2021-07-27T21:13:03", "references": [{"idList": ["THN:46994B7A671ED65AD9975F25F514C6E3", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:E9454DED855ABE5718E4612A2A750A98"], "type": "thn"}, {"idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"], "type": "qualysblog"}, {"idList": ["PACKETSTORM:154176"], "type": "packetstorm"}, {"idList": ["H1:671749", "H1:680480", "H1:678496", "H1:671857", "H1:591295"], "type": "hackerone"}, {"idList": ["1337DAY-ID-33140"], "type": "zdt"}, {"idList": ["VU:927237"], "type": "cert"}, {"idList": ["CVE-2019-11510"], "type": "cve"}, {"idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"], "type": "securelist"}, {"idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"], "type": "mssecure"}, {"idList": ["EDB-ID:47297"], "type": "exploitdb"}, {"idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"], "type": "attackerkb"}, {"idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"], "type": "metasploit"}, {"idList": ["MYHACK58:62201995674"], "type": "myhack58"}, {"idList": ["E-688"], "type": "dsquare"}, {"idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"], "type": "rapid7blog"}, {"idList": ["THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648"], "type": "threatpost"}, {"idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"], "type": "impervablog"}, {"idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"], "type": "nessus"}, {"idList": ["MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"], "type": "malwarebytes"}, {"idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"], "type": "cisa"}, {"idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"], "type": "exploitpack"}], "rev": 2}, "score": {"modified": "2021-07-27T21:13:03", "rev": 2, "value": 6.6, "vector": "NONE"}}, "objectVersion": "1.5", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"News Article or Blog": ""}, "wildExploitedReports": [{"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-27T00:00:00"}, "lastseen": "2021-07-27T21:13:03", "differentElements": ["attackerkb", "cvss2", "cvss3", "last_activity", "references_categories", "tags", "wildExploited", "wildExploitedCategory", "wildExploitedReports"], "edition": 5}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "ff008739291a4e503d58134136413a53f979e8ad494430c607c688124b1768da", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://kb.pulsesecure.net?atype=sa", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "http://www.securityfocus.com/bid/108073", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study", "https://www.kb.cert.org/vuls/id/927237", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-07-27T21:13:03", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"modified": "2021-07-27T21:13:03", "references": [{"idList": ["THN:46994B7A671ED65AD9975F25F514C6E3", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:E9454DED855ABE5718E4612A2A750A98"], "type": "thn"}, {"idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"], "type": "qualysblog"}, {"idList": ["PACKETSTORM:154176"], "type": "packetstorm"}, {"idList": ["H1:671749", "H1:680480", "H1:678496", "H1:671857", "H1:591295"], "type": "hackerone"}, {"idList": ["1337DAY-ID-33140"], "type": "zdt"}, {"idList": ["VU:927237"], "type": "cert"}, {"idList": ["CVE-2019-11510"], "type": "cve"}, {"idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"], "type": "securelist"}, {"idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"], "type": "mssecure"}, {"idList": ["EDB-ID:47297"], "type": "exploitdb"}, {"idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"], "type": "attackerkb"}, {"idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"], "type": "metasploit"}, {"idList": ["MYHACK58:62201995674"], "type": "myhack58"}, {"idList": ["E-688"], "type": "dsquare"}, {"idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"], "type": "rapid7blog"}, {"idList": ["THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648"], "type": "threatpost"}, {"idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"], "type": "impervablog"}, {"idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"], "type": "nessus"}, {"idList": ["MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"], "type": "malwarebytes"}, {"idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"], "type": "cisa"}, {"idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"], "type": "exploitpack"}], "rev": 2}, "score": {"modified": "2021-07-27T21:13:03", "rev": 2, "value": 6.6, "vector": "NONE"}}, "objectVersion": "1.5", "attackerkb": {}, "wildExploited": false, "wildExploitedCategory": {}, "wildExploitedReports": [], "references_categories": {}, "tags": [], "mitre_vector": {}, "last_activity": null}, "lastseen": "2021-07-27T21:13:03", "differentElements": ["attackerkb", "cvss2", "cvss3", "last_activity", "references_categories", "tags", "wildExploited", "wildExploitedCategory", "wildExploitedReports"], "edition": 6}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-07-29T04:52:19", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:695005", "H1:591295", "H1:671749", "H1:671857", "H1:678496"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:1ED1BB1B7B192353E154FB0B02F314F4"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-07-29T04:52:19", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-07-29T04:52:19", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-07-29T04:52:19", "differentElements": ["href"], "edition": 7}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-04T22:42:57", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:695005", "H1:591295", "H1:671749", "H1:671857", "H1:678496"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:1ED1BB1B7B192353E154FB0B02F314F4"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-07-29T04:52:19", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-07-29T04:52:19", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-04T22:42:57", "differentElements": ["href"], "edition": 8}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-04T22:43:48", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295", "H1:671749"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:B95DC27A89565323F0F8E6350D24D801", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "attackerkb", "idList": ["AKB:0C69B33C-2322-4075-BE16-A92593B75107", "AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-04T22:43:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-04T22:43:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-04T22:43:48", "differentElements": ["href"], "edition": 9}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T04:41:45", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295", "H1:671749"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:B95DC27A89565323F0F8E6350D24D801", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "attackerkb", "idList": ["AKB:0C69B33C-2322-4075-BE16-A92593B75107", "AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-04T22:43:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-04T22:43:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T04:41:45", "differentElements": ["href"], "edition": 10}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T04:42:05", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295", "H1:671749"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:B95DC27A89565323F0F8E6350D24D801", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "attackerkb", "idList": ["AKB:0C69B33C-2322-4075-BE16-A92593B75107", "AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-04T22:43:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-04T22:43:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T04:42:05", "differentElements": ["href"], "edition": 11}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T07:41:37", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295", "H1:671749"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:B95DC27A89565323F0F8E6350D24D801", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "attackerkb", "idList": ["AKB:0C69B33C-2322-4075-BE16-A92593B75107", "AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-04T22:43:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-04T22:43:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T07:41:37", "differentElements": ["href"], "edition": 12}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T07:41:56", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295", "H1:671749"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:B95DC27A89565323F0F8E6350D24D801", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "attackerkb", "idList": ["AKB:0C69B33C-2322-4075-BE16-A92593B75107", "AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-04T22:43:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-04T22:43:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T07:41:56", "differentElements": ["href"], "edition": 13}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T10:42:01", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295", "H1:671749"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:B95DC27A89565323F0F8E6350D24D801", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "attackerkb", "idList": ["AKB:0C69B33C-2322-4075-BE16-A92593B75107", "AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-04T22:43:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-04T22:43:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T10:42:01", "differentElements": ["href"], "edition": 14}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T10:42:22", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T10:42:22", "differentElements": ["href"], "edition": 15}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T16:45:10", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T16:45:10", "differentElements": ["href"], "edition": 16}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T16:45:35", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T16:45:35", "differentElements": ["href"], "edition": 17}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T19:43:59", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T19:43:59", "differentElements": ["href"], "edition": 18}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T19:44:21", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T19:44:21", "differentElements": ["href"], "edition": 19}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T22:43:44", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T22:43:44", "differentElements": ["href"], "edition": 20}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-05T22:44:09", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-05T22:44:09", "differentElements": ["href"], "edition": 21}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T01:42:10", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T01:42:10", "differentElements": ["href"], "edition": 22}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T01:42:28", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T01:42:28", "differentElements": ["href"], "edition": 23}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T04:43:00", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T04:43:00", "differentElements": ["href"], "edition": 24}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T04:43:21", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T04:43:21", "differentElements": ["href"], "edition": 25}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T07:42:57", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T07:42:57", "differentElements": ["href"], "edition": 26}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T07:43:21", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T07:43:21", "differentElements": ["href"], "edition": 27}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T10:46:38", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:680480", "H1:671749", "H1:695005", "H1:591295", "H1:678496", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502"]}, {"type": "threatpost", "idList": ["THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}], "modified": "2021-10-05T10:42:22", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-05T10:42:22", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T10:46:38", "differentElements": ["href"], "edition": 28}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T10:46:52", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T10:46:52", "differentElements": ["href"], "edition": 29}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T16:44:43", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T16:44:43", "differentElements": ["href"], "edition": 30}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T16:45:10", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T16:45:10", "differentElements": ["href"], "edition": 31}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T19:43:30", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T19:43:30", "differentElements": ["href"], "edition": 32}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T19:43:35", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T19:43:35", "differentElements": ["href"], "edition": 33}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T22:42:00", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T22:42:00", "differentElements": ["href"], "edition": 34}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-06T22:42:19", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-06T22:42:19", "differentElements": ["href"], "edition": 35}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T01:42:10", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T01:42:10", "differentElements": ["href"], "edition": 36}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T01:42:30", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T01:42:30", "differentElements": ["href"], "edition": 37}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T04:41:48", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T04:41:48", "differentElements": ["href"], "edition": 38}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T04:42:14", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T04:42:14", "differentElements": ["href"], "edition": 39}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T07:41:46", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T07:41:46", "differentElements": ["href"], "edition": 40}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T07:42:04", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T07:42:04", "differentElements": ["href"], "edition": 41}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T10:42:10", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T10:42:10", "differentElements": ["href"], "edition": 42}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T10:42:29", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T10:42:29", "differentElements": ["href"], "edition": 43}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T13:43:13", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T13:43:13", "differentElements": ["href"], "edition": 44}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T13:43:31", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T13:43:31", "differentElements": ["href"], "edition": 45}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T16:46:47", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T16:46:47", "differentElements": ["href"], "edition": 46}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T16:47:11", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T16:47:11", "differentElements": ["href"], "edition": 47}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T19:41:33", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T19:41:33", "differentElements": ["href"], "edition": 48}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T19:41:54", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T19:41:54", "differentElements": ["href"], "edition": 49}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T22:46:16", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T22:46:16", "differentElements": ["href"], "edition": 50}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-07T22:46:38", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-07T22:46:38", "differentElements": ["href"], "edition": 51}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T01:43:32", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T01:43:32", "differentElements": ["href"], "edition": 52}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T01:44:01", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T01:44:01", "differentElements": ["href"], "edition": 53}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T04:42:00", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T04:42:00", "differentElements": ["href"], "edition": 54}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T04:42:32", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T04:42:32", "differentElements": ["href"], "edition": 55}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T07:43:18", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T07:43:18", "differentElements": ["href"], "edition": 56}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T07:43:49", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T07:43:49", "differentElements": ["href"], "edition": 57}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T11:11:36", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:591295", "H1:695005", "H1:678496", "H1:680480", "H1:671857"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:91A2A296EF8B6FD5CD8B904690E810E8"]}, {"type": "threatpost", "idList": ["THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-10-06T10:46:52", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-06T10:46:52", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T11:11:36", "differentElements": ["href"], "edition": 58}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T11:11:48", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T11:11:48", "differentElements": ["href"], "edition": 59}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T16:50:46", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T16:50:46", "differentElements": ["href"], "edition": 60}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T16:51:11", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T16:51:11", "differentElements": ["href"], "edition": 61}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T19:42:08", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T19:42:08", "differentElements": ["href"], "edition": 62}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T19:42:55", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T19:42:55", "differentElements": ["href"], "edition": 63}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T22:41:37", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T22:41:37", "differentElements": ["href"], "edition": 64}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-08T22:41:54", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-08T22:41:54", "differentElements": ["href"], "edition": 65}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T01:41:33", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T01:41:33", "differentElements": ["href"], "edition": 66}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T01:41:55", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T01:41:55", "differentElements": ["href"], "edition": 67}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T04:42:28", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T04:42:28", "differentElements": ["href"], "edition": 68}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T04:42:47", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T04:42:47", "differentElements": ["href"], "edition": 69}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T07:41:47", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T07:41:47", "differentElements": ["href"], "edition": 70}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T07:42:09", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T07:42:09", "differentElements": ["href"], "edition": 71}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T10:41:33", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T10:41:33", "differentElements": ["href"], "edition": 72}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T10:41:58", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T10:41:58", "differentElements": ["href"], "edition": 73}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T13:42:04", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T13:42:04", "differentElements": ["href"], "edition": 74}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T13:42:33", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T13:42:33", "differentElements": ["href"], "edition": 75}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T16:41:55", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T16:41:55", "differentElements": ["href"], "edition": 76}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T19:42:12", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T19:42:12", "differentElements": ["href"], "edition": 77}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T22:42:35", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T22:42:35", "differentElements": ["href"], "edition": 78}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-09T22:42:54", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-09T22:42:54", "differentElements": ["href"], "edition": 79}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T01:41:36", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T01:41:36", "differentElements": ["href"], "edition": 80}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T01:41:57", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T01:41:57", "differentElements": ["href"], "edition": 81}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T04:42:10", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T04:42:10", "differentElements": ["href"], "edition": 82}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T04:42:58", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T04:42:58", "differentElements": ["href"], "edition": 83}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T07:41:48", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T07:41:48", "differentElements": ["href"], "edition": 84}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T07:42:11", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T07:42:11", "differentElements": ["href"], "edition": 85}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T10:41:46", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T10:41:46", "differentElements": ["href"], "edition": 86}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T10:42:05", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T10:42:05", "differentElements": ["href"], "edition": 87}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T13:42:19", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T13:42:19", "differentElements": ["href"], "edition": 88}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T13:42:39", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T13:42:39", "differentElements": ["href"], "edition": 89}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "adbb98fdb93041bc8beb0d0b997e42fb", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/comments/cdcd5255-c634-48ae-8101-b6adbf5f8ed7", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T16:42:26", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF"]}, {"type": "zdt", "idList": ["1337DAY-ID-33140"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C"]}, {"type": "exploitdb", "idList": ["EDB-ID:47297"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154176"]}, {"type": "attackerkb", "idList": ["AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:0C69B33C-2322-4075-BE16-A92593B75107"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "mssecure", "idList": ["MSSECURE:E3C8B97294453D962741782EC959E79C"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:934E8AA177A27150B87EC15F920BF350"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995674"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "cert", "idList": ["VU:927237"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-10-08T11:11:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-08T11:11:48", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 5, "exploitability": 5}, "wildExploited": true, "wildExploitedCategory": {"Government or Industry Alert": ""}, "wildExploitedReports": [{"category": "Government or Industry Alert", "source_url": "https://us-cert.cisa.gov/ncas/alerts/aa21-209a", "published": "2021-06-17T19:25:00"}, {"category": "News Article or Blog", "source_url": "https://securelist.com/black-kingdom-ransomware/102873/", "published": "2021-06-17T19:25:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073"], "Advisory": ["https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237"], "Miscellaneous": ["https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"]}, "tags": ["common_enterprise", "easy_to_develop", "high_privilege_access", "pre_auth", "default_configuration"], "mitre_vector": {}, "last_activity": "2021-07-28T15:46:00"}, "lastseen": "2021-10-10T16:42:26", "differentElements": ["href"], "edition": 90}, {"bulletin": {"id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "vendorId": null, "hash": "f75eb7874403ddf0723713fc5742ccfe", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "published": "2019-05-08T00:00:00", "modified": "2021-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a@%3Cuser.guacamole.apache.org%3E", "https://www.kb.cert.org/vuls/id/927237", "https://kb.pulsesecure.net?atype=sa", "http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510", "http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html", "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf", "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study"], "cvelist": ["CVE-2019-11510"], "immutableFields": [], "lastseen": "2021-10-10T16:42:46", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11510"]}, {"type": "nessus", "idList": ["PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL"]}, {"type": "hackerone", "idList": ["H1:671749", "H1:695005", "H1:680480", "H1:671857", "H1:678496", "H1:591295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "thn", "idList": ["THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:46994B7A671ED65AD9975F25F514C6E3"]}, {"type": "threatpost", "idList": ["THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPO
