← Back

CVE-2019-11213

nvd nist
Published: Apr 12, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.

Affected (5)

Ivanti
1 product
Connect Secure
Pulsesecure
2 products
Pulse Connect Secure
Pulse Secure Desktop Client
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Connect Secure
From 9.0r1 to 9.0r3
Pulsesecure
Pulse Connect Secure
From 8.1r1.0 to 8.1r14.0
Pulse Connect Secure
From 8.3r1 to 8.3r7
Pulsesecure
Pulse Secure Desktop Client
From 5.0r1.0 to 5.3r7
Pulse Secure Desktop Client
From 9.0r1 to 9.0r3

Related CWEs

CWE-384
Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (6)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.