cve-2019-11510

About this tag
CVE-2019-11510 is a critical arbitrary file reading vulnerability affecting Pulse Secure VPN appliances. Disclosed in April 2019, it allows unauthenticated remote attackers to read arbitrary files, potentially leading to remote code execution. Despite patches being available, threat actors continued to exploit unpatched systems well into 2020. The Cybersecurity and Infrastructure Security Agency (CISA) issued multiple alerts urging organizations to apply the software patch immediately. Discussions on WindowsForum highlight the ongoing exploitation post-patching and the importance of addressing this vulnerability to prevent compromise of enterprise networks.
  1. News

    AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

    Original release date: April 16, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations...
  2. News

    AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

    Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update...
  3. News

    AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability

    Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...
Back
Top