Pulse Connect Secure and Policy Secure CVE-2019-11509 Access Bypass Vulnerability

Description

Pulse Connect Secure and Policy Secure are prone to an access-bypass vulnerability. An attacker can exploit this execute arbitrary code and perform unauthorized actions; this may aid in launching further attacks. The following products are vulnerable: Pulse Connect Secure 9.0RX, 8.3RX, 8.2RX, 8.1RX Pulse Policy Secure 9.0RX, 5.4RX, 5.3RX, 5.2RX, 5.1RX

Technologies Affected

• Pulse Secure Pulse Connect Secure 8.1RX
• Pulse Secure Pulse Connect Secure 8.2RX
• Pulse Secure Pulse Connect Secure 8.3RX
• Pulse Secure Pulse Connect Secure 9.0Rx
• Pulse Secure Pulse Policy Secure 5.1RX
• Pulse Secure Pulse Policy Secure 5.2RX
• Pulse Secure Pulse Policy Secure 5.3RX
• Pulse Secure Pulse Policy Secure 5.4RX
• Pulse Secure Pulse Policy Secure 9.0Rx

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Updates are available. Please see the references or vendor advisory for more information.