In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Connect_secure | Ivanti | 8.3 (including) | 8.3 (including) |
| Pulse_connect_secure | Pulsesecure | 8.3rx (including) | 8.3rx (including) |
| Pulse_connect_secure | Pulsesecure | 9.0r1 (including) | 9.0r1 (including) |
| Pulse_connect_secure | Pulsesecure | 9.0r2 (including) | 9.0r2 (including) |
| Pulse_connect_secure | Pulsesecure | 9.0r2.1 (including) | 9.0r2.1 (including) |
| Pulse_connect_secure | Pulsesecure | 9.0r3 (including) | 9.0r3 (including) |
| Pulse_connect_secure | Pulsesecure | 9.0r3.1 (including) | 9.0r3.1 (including) |
| Pulse_connect_secure | Pulsesecure | 9.0r3.2 (including) | 9.0r3.2 (including) |
| Pulse_connect_secure | Pulsesecure | 9.0rx (including) | 9.0rx (including) |
| Pulse_policy_secure | Pulsesecure | 5.4r1 (including) | 5.4r1 (including) |
| Pulse_policy_secure | Pulsesecure | 5.4r2 (including) | 5.4r2 (including) |
| Pulse_policy_secure | Pulsesecure | 5.4r2.1 (including) | 5.4r2.1 (including) |
| Pulse_policy_secure | Pulsesecure | 5.4r3 (including) | 5.4r3 (including) |
| Pulse_policy_secure | Pulsesecure | 5.4r4 (including) | 5.4r4 (including) |
| Pulse_policy_secure | Pulsesecure | 5.4r5 (including) | 5.4r5 (including) |
| Pulse_policy_secure | Pulsesecure | 5.4r5.2 (including) | 5.4r5.2 (including) |
| Pulse_policy_secure | Pulsesecure | 5.4r6 (including) | 5.4r6 (including) |
| Pulse_policy_secure | Pulsesecure | 5.4r6.1 (including) | 5.4r6.1 (including) |
| Pulse_policy_secure | Pulsesecure | 5.4r7 (including) | 5.4r7 (including) |
| Pulse_policy_secure | Pulsesecure | 5.4rx (including) | 5.4rx (including) |
| Pulse_policy_secure | Pulsesecure | 9.0r1 (including) | 9.0r1 (including) |
| Pulse_policy_secure | Pulsesecure | 9.0r2 (including) | 9.0r2 (including) |
| Pulse_policy_secure | Pulsesecure | 9.0r2.1 (including) | 9.0r2.1 (including) |
| Pulse_policy_secure | Pulsesecure | 9.0r3 (including) | 9.0r3 (including) |
| Pulse_policy_secure | Pulsesecure | 9.0r3.1 (including) | 9.0r3.1 (including) |
| Pulse_policy_secure | Pulsesecure | 9.0rx (including) | 9.0rx (including) |
References
- http://www.securityfocus.com/bid/108073
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://www.kb.cert.org/vuls/id/927237
- http://www.securityfocus.com/bid/108073
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://www.kb.cert.org/vuls/id/927237