You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2019-11510
About this tag
CVE-2019-11510 is a critical arbitrary file reading vulnerability affecting Pulse Secure VPN appliances. Disclosed in April 2019, it allows unauthenticated remote attackers to read arbitrary files, potentially leading to remote code execution. Despite patches being available, threat actors continued to exploit unpatched systems well into 2020. The Cybersecurity and Infrastructure Security Agency (CISA) issued multiple alerts urging organizations to apply the software patch immediately. Discussions on WindowsForum highlight the ongoing exploitation post-patching and the importance of addressing this vulnerability to prevent compromise of enterprise networks.
Original release date: April 16, 2020 | Last revised: June 30, 2020
Summary
Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations...
Original release date: April 16, 2020
Summary
Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations.
This Alert provides an update...
Original release date: January 10, 2020
Summary
Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...