CVE-2019-11510 | Armis Vulnerability Intelligence Database

Description Preview

In Pulse Secure Pulse Connect Secure (PCS) versions 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. This vulnerability can lead to significant impacts, including unauthorized access to sensitive files, which may compromise the confidentiality, integrity, and availability of the affected systems.

Overview

CVE ID: CVE-2019-11510
Published Date: May 8, 2019
Last Updated: February 3, 2025
Severity: Critical (CVSS Base Score: 9.9)
Affected Versions:
- Pulse Connect Secure (PCS) 8.2 before 8.2R12.1
- Pulse Connect Secure (PCS) 8.3 before 8.3R7.1
- Pulse Connect Secure (PCS) 9.0 before 9.0R3.4
Attack Vector: Network
Privileges Required: Low
User Interaction: None
Impact: High on confidentiality, integrity, and availability.

Remediation

To mitigate the risk associated with CVE-2019-11510, it is recommended that users of Pulse Secure Pulse Connect Secure (PCS) upgrade to the following versions:

Upgrade to Pulse Connect Secure (PCS) 8.2R12.1 or later.
Upgrade to Pulse Connect Secure (PCS) 8.3R7.1 or later.
Upgrade to Pulse Connect Secure (PCS) 9.0R3.4 or later.

Additionally, organizations should implement network security measures, such as firewalls and intrusion detection systems, to monitor and restrict unauthorized access attempts.

References

Early Warning

Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.

Armis Alert Date: May 8, 2019
CISA KEV Date: Nov 3, 2021

910days early

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Educational Services: Low
Educational Services
Manufacturing: Low
Manufacturing
Retail Trade: Low
Retail Trade
Accommodation & Food Services: Low
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services: Low
Administrative, Support, Waste Management & Remediation Services
Agriculture, Forestry Fishing & Hunting: Low
Agriculture, Forestry Fishing & Hunting
Arts, Entertainment & Recreation: Low
Arts, Entertainment & Recreation
Construction: Low
Construction
Finance and Insurance: Low
Finance and Insurance
Health Care & Social Assistance: Low
Health Care & Social Assistance
Information: Low
Information
Management of Companies & Enterprises: Low
Management of Companies & Enterprises
Mining: Low
Mining
Other Services (except Public Administration): Low
Other Services (except Public Administration)
Professional, Scientific, & Technical Services: Low
Professional, Scientific, & Technical Services
Public Administration: Low
Public Administration
Real Estate Rental & Leasing: Low
Real Estate Rental & Leasing
Transportation & Warehousing: Low
Transportation & Warehousing
Utilities: Low
Utilities
Wholesale Trade: Low
Wholesale Trade

^{CVE-2019-11510:}CVE-2019-11510 is a critical arbitrary file reading vulnerability in Pulse Secure Pulse Connect Secure (PCS) versions 8.2, 8.3, and 9.0, allowing unauthenticated remote attackers to exploit the system via specially crafted URIs.