Vulnerability Details CVE-2019-11213
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/
- https://www.kb.cert.org/vuls/id/192371
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/
- https://www.kb.cert.org/vuls/id/192371
Products affected by CVE-2019-11213
-
cpe:2.3:a:ivanti:connect_secure:*
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r10.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r11.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r11.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r12.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r12.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r13.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r14.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r2.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r2.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.2
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r4.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r4.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r5.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r6.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r7.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r8.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.2
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r2
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r2.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r3
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r4
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r5
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r5.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r5.2
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r6
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r6.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r1.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r10.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r11.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r12.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r13.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r13.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r14.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r15.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r15.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r16.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r16.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r17.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r2.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r3.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r3.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r4.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r4.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r5.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r6.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r7.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r8.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r8.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.0r9.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r1.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r1.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r10.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r11.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r11.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r12.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r13.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r14.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r2.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r3.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r3.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r3.2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r4.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r5.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r5.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r6.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r7.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r8.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r9.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r9.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r1.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r3
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r4.2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r5
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r5.2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3r6
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0r1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0r2
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0r2.1