DETECTION OVERVIEW

Pulse Connect Secure Exploit Attempt - CVE-2019-11510

Risk Factors

Pulse Connect Secure (PCS) VPN gateways are commonly deployed in enterprise environments to manage TLS VPN connections that originate from the internet. This vulnerability is well known and a popular target among advanced persistent threat (APT) groups. This vulnerability enables unauthorized attackers to steal sensitive data to facilitate additional attacks on the network.

Kill Chain

Exploitation

Risk Score

Attack Background

A PCS is a VPN gateway application that authorizes external access to internal network resources. The PCS application has a vulnerability that enables an attacker to bypass authentication to access internal files or directories. The attacker submits an HTTP request with a malicious URI. This URI includes path traversal elements in both the path and query (such as /dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/). The path traversal enables authentication bypass and access to the target path specified prior to the HTTP query . The attacker then has read access to local files on the device.

Mitigation Options

Upgrade PCS to 8.2R12.1, 8.3R7.1, or 9.0R3.4

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases