Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.PULSE_POLICY_SECURE-SA44601.NASL
HistoryOct 30, 2020 - 12:00 a.m.

Pulse Policy Secure < 9.1R9 (SA44601)

2020-10-3000:00:00
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
81
JSON

According to its self-reported version, the version of Pulse Policy Secure running on the remote host is prior to 9.1R9. It is, therefore, affected by the following vulnerabilities:

  • A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. (CVE-2020-8260)

  • A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. (CVE-2020-8261)

  • jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable
    proto property, it could extend the native Object.prototype. (CVE-2019-11358)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (c) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(142057);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id(
    "CVE-2015-9251",
    "CVE-2019-11358",
    "CVE-2020-8255",
    "CVE-2020-8260",
    "CVE-2020-8261",
    "CVE-2020-8262",
    "CVE-2020-8263",
    "CVE-2020-15352"
  );
  script_xref(name:"IAVA", value:"2020-A-0495");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/04/23");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"Pulse Policy Secure < 9.1R9 (SA44601)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the version of Pulse Policy Secure running on the remote host is prior to
9.1R9. It is, therefore, affected by the following vulnerabilities:

  - A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated
    attacker to perform an arbitrary code execution using uncontrolled gzip extraction. (CVE-2020-8260)

  - A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary
    cookie injection. (CVE-2020-8261)

  - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true,
    {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable
    __proto__ property, it could extend the native Object.prototype. (CVE-2019-11358)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Pulse Policy Secure version 9.1R9 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8260");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Pulse Secure VPN gzip RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/10/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pulsesecure:pulse_policy_secure");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("pulse_policy_secure_detect.nbin");
  script_require_keys("installed_sw/Pulse Policy Secure");

  exit(0);
}

include('vcf.inc');

app_info = vcf::get_app_info(app:'Pulse Policy Secure', port:443);

constraints = [
 {'fixed_version':'9.1R9'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING,
  flags:{'xss':TRUE}
);
VendorProductVersionCPE
pulsesecurepulse_policy_securecpe:/a:pulsesecure:pulse_policy_secure

Related

nessus 33
atlassian 11
ibm 36
prion 8
cve 10
packetstorm 1
attackerkb 3
metasploit 1
cisa_kev 1
zdt 1
openvas 20
f5 2
ics 1
ubuntucve 2
cloudfoundry 1
debiancve 2
alpinelinux 2
github 2
osv 11
freebsd 3
githubexploit 4
redhatcve 1
symantec 1
debian 5
redhat 8
typo3 1
joomla 1
hackerone 2
drupal 1
veracode 1
checkpoint_advisories 1
fedora 6
amazon 1
laminas 2
fortinet 1
archlinux 2
cnvd 1
oraclelinux 2
thn 2
altlinux 1
rocky 2
threatpost 1
malwarebytes 1
nessus
nessus
Pulse Connect Secure < 9.1R9 (SA44601)
2020-10-30 00:00:00
JQuery < 3.0.0 XSS
2019-05-15 00:00:00
FreeBSD : rt -- XSS via jQuery (416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42)
2019-03-07 00:00:00
atlassian
atlassian
Jira uses vulnerable jQuery version CVE-2015-9251
2020-04-20 13:29:57
Address CVE-2019-11358 in the bundled version of jQuery
2019-07-08 22:50:18
Address CVE-2019-11358 in the bundled version of jQuery
2019-07-08 22:57:45
ibm
ibm
Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)
2022-09-14 15:28:14
Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform
2023-04-19 17:26:48
Security Bulletin: jQuery included in ITNM is vulnerable to Cross-site Scripting (XSS) attacks (multiple vulnerabilities)
2023-01-05 15:14:50
prion
prion
Server side request forgery (ssrf)
2020-10-27 05:15:00
Design/Logic Flaw
2020-10-28 13:15:00
Cross site scripting
2020-10-28 13:15:00
cve
cve
CVE-2020-15352
2020-10-27 05:15:00
CVE-2020-8261
2020-10-28 13:15:00
CVE-2020-8255
2020-10-28 13:15:00
packetstorm
packetstorm
Pulse Secure VPN Remote Code Execution
2020-12-18 00:00:00
attackerkb
attackerkb
CVE-2020-8260
2020-10-28 00:00:00
CVE-2015-9251
2018-01-18 00:00:00
CVE-2019-11358
2019-04-20 00:00:00
metasploit
metasploit
Pulse Secure VPN gzip RCE
2020-12-07 15:54:20
cisa_kev
cisa_kev
Ivanti Pulse Connect Secure Code Execution Vulnerability
2021-11-03 00:00:00
zdt
zdt
Pulse Secure VPN Remote Code Execution Exploit
2020-12-18 00:00:00
openvas
openvas
Tenable Nessus Network Monitor < 5.11.0 Multiple Vulnerabilities (TNS-2019-08)
2022-12-20 00:00:00
jQuery < 3.0.0 XSS Vulnerability
2018-11-01 00:00:00
Debian: Security Advisory (DSA-4434-1)
2019-04-21 00:00:00
f5
f5
K29562170 : jQuery vulnerability CVE-2015-9251
2020-02-19 00:00:00
K20455158 : jQuery vulnerability CVE-2019-11358
2020-04-14 00:00:00
ics
ics
AVEVA InTouch Access Anywhere
2018-07-31 12:00:00
ubuntucve
ubuntucve
CVE-2015-9251
2018-01-18 00:00:00
CVE-2019-11358
2019-04-20 00:00:00
cloudfoundry
cloudfoundry
CVE-2015-9251: UAA contains vulnerable jQuery version | Cloud Foundry
2019-07-08 00:00:00
debiancve
debiancve
CVE-2015-9251
2018-01-18 23:29:00
CVE-2019-11358
2019-04-20 00:29:00
alpinelinux
alpinelinux
CVE-2015-9251
2018-01-18 23:29:00
CVE-2019-11358
2019-04-20 00:29:00
github
github
Cross-Site Scripting (XSS) in jquery
2018-01-22 13:32:06
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
2019-04-26 16:29:11
osv
osv
CVE-2015-9251
2018-01-18 23:29:00
Cross-Site Scripting (XSS) in jquery
2018-01-22 13:32:06
drupal7 - security update
2019-04-20 00:00:00
freebsd
freebsd
rt -- XSS via jQuery
2019-03-05 00:00:00
RDoc -- multiple jQuery vulnerabilities
2019-08-28 00:00:00
Django -- AdminURLFieldWidget XSS
2019-06-03 00:00:00
githubexploit
githubexploit
Exploit for Prototype Pollution in Jquery
2019-07-18 19:15:33
Exploit for Prototype Pollution in Jquery
2021-03-08 11:34:11
Exploit for Prototype Pollution in Jquery
2020-12-01 09:18:58
redhatcve
redhatcve
CVE-2019-11358
2021-07-18 00:15:31
symantec
symantec
JQuery CVE-2019-11358 Cross Site Scripting Vulnerability
2019-04-17 00:00:00
debian
debian
[SECURITY] [DLA 1777-1] jquery security update
2019-05-06 07:42:05
[SECURITY] [DSA 4434-1] drupal7 security update
2019-04-20 12:03:09
[SECURITY] [DLA 2118-1] otrs2 security update
2020-02-24 17:03:32
redhat
redhat
(RHSA-2020:1325) Moderate: python-XStatic-jQuery security update
2020-04-06 08:40:52
(RHSA-2020:5581) Moderate: python-XStatic-jQuery security update
2020-12-16 12:57:14
(RHSA-2020:0481) Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update
2020-02-12 15:24:44
typo3
typo3
Cross-Site Scripting in jQuery before 3.4.0
2019-05-07 00:00:00
joomla
joomla
[20190403] - Core - Object.prototype pollution in JQuery $.extend
2019-03-25 00:00:00
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack through jQuery $.extend
2018-12-03 15:53:20
Ruby: Ruby is shipping a vulnerable jQuery
2019-03-30 14:10:34
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006
2019-04-17 00:00:00
veracode
veracode
Prototype Pollution
2019-04-22 03:41:01
checkpoint_advisories
checkpoint_advisories
jQuery Prototype Pollution Object Cross-Site Scripting (CVE-2019-11358)
2019-04-29 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: drupal7-7.66-1.fc30
2019-05-09 01:34:20
[SECURITY] Fedora 30 Update: drupal7-7.69-1.fc30
2020-01-04 22:16:18
[SECURITY] Fedora 30 Update: drupal7-7.67-1.fc30
2019-05-25 01:06:23
amazon
amazon
Medium: pcs
2023-01-18 00:16:00
laminas
laminas
XSS and RCE vectors in laminas-api-tools/api-tools-documentation-swagger
2020-04-01 21:30:00
XSS vectors in laminas-api-tools/api-tools
2020-04-01 21:30:00
fortinet
fortinet
Protect
2019-04-10 00:00:00
archlinux
archlinux
[ASA-201910-4] ruby-rdoc: cross-site scripting
2019-10-02 00:00:00
[ASA-201906-2] python-django: cross-site scripting
2019-06-04 00:00:00
cnvd
cnvd
Silverstripe framework cross-site scripting vulnerability
2022-11-23 00:00:00
oraclelinux
oraclelinux
pcs security update
2022-11-03 00:00:00
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
thn
thn
Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw
2021-08-09 09:00:00
WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations
2021-04-21 04:20:00
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
rocky
rocky
pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
threatpost
threatpost
Pulse Secure Critical Zero-Day Security Bug Under Active Exploit
2021-04-21 15:35:37
malwarebytes
malwarebytes
Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild
2021-04-21 18:12:15
JSON
Related for PULSE_POLICY_SECURE-SA44601.NASL
nessus33atlassian11ibm36prion8cve10packetstorm1attackerkb3metasploit1cisa_kev1zdt1openvas20f52ics1ubuntucve2cloudfoundry1debiancve2alpinelinux2github2osv11freebsd3githubexploit4redhatcve1symantec1debian5redhat8typo31joomla1hackerone2drupal1veracode1checkpoint_advisories1fedora6amazon1laminas2fortinet1archlinux2cnvd1oraclelinux2thn2altlinux1rocky2threatpost1malwarebytes1