Pulse Secure SSL VPN Arbitrary File reading (CVE-2019-11510) - Vulnerability Database

Description

Pulse Secure SSL VPN versions prior to 9.0RX contain a path traversal vulnerability (CVE-2019-11510) that allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By manipulating file paths in specially crafted HTTP requests, attackers can bypass access controls and retrieve sensitive data without requiring valid credentials.

Remediation

Immediately upgrade Pulse Connect Secure and Pulse Policy Secure to version 9.0RX or later as detailed in Pulse Security Advisory SA44101. Follow these steps:
1. Review the security advisory at kb.pulsesecure.net to determine whether your version is affected
2. Schedule and apply the vendor-provided patches during a maintenance window
3. After patching, rotate all VPN user credentials and SSL certificates as a precautionary measure
4. Review system logs for indicators of compromise, including unusual file access patterns or unauthorized authentication attempts
5. Implement network segmentation and monitoring to detect potential lateral movement if a breach is suspected
6. Consider implementing Web Application Firewall (WAF) rules to block path traversal attempts as a temporary mitigation if immediate patching is not possible
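
For the log review in step 4 and the traversal filtering in step 6, the following is an added example, not code from Invicti or Pulse Secure. It assumes Common/Combined Log Format lines from a reverse proxy or WAF in front of the VPN; the function names, sample paths and addresses are constructed for illustration. It flags request targets that contain a `..` segment after repeated percent-decoding and marks the ones the server answered with 200.

```python
import re
from urllib.parse import unquote

# Assumption: Common/Combined Log Format lines from a proxy or WAF in front of the VPN.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded dots and slashes surface."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def has_traversal(target):
    """True if the decoded target contains a '..' segment in its path or query."""
    return ".." in re.split(r"[/?&=;#]", normalize(target))

def traversal_hits(lines):
    """Return one record per request whose target contains a traversal segment."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line; skip rather than guess
        client, method, target, status = m.groups()
        if has_traversal(target):
            # A 200 means the server answered the request: triage these first.
            hits.append({"client": client, "method": method,
                         "target": target, "served": status == "200"})
    return hits

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2019:10:01:02 +0000] "GET /portal/login HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Aug/2019:10:01:05 +0000] "GET /static/../../../etc/hosts HTTP/1.1" 200 311',
    '198.51.100.7 - - [20/Aug/2019:10:01:06 +0000] "GET /static/%2e%2e%2f%2e%2e%2fetc/hosts HTTP/1.1" 404 0',
    '198.51.100.9 - - [20/Aug/2019:10:01:09 +0000] "GET /static/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 403 0',
    '192.0.2.11 - - [20/Aug/2019:10:02:00 +0000] "GET /docs/release..notes.txt HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in traversal_hits(SAMPLE_LOG):
        print(hit)
```

The same normalize-then-match order applies to a WAF rule: matching on the raw target alone misses the encoded variants in the sample.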