Menu
Back in April 2019, Pulse Secure released an advisory relating to CVE-2019-11510. We won’t go into full details but you can read that disclosure here.
To summarise, Pulse Secure introduced a new version (or more specifically a new feature ‘HTML5 Access’) which disrupted the original path validation. A new IF condition uses request->uri and request->filepath which allows attackers to add to the query string and bypass the validation, meaning they can access files pre-auth. As well as reading files, an attacker could access plain-text passwords as well as log-in credentials to access users accounts.
All unpatched versions using this feature will be vulnerable. With the exploit in the wild since early last year it would be hoped that all users have updated the software to the latest version, however a few recent cases of this vulnerability being exploited have led us to create a scan template specifically for our customers to ensure they are secure.
Even though the vulnerability was discovered early last year and AppCheck added a plug-in at the time to detect the threat, a new wave of attacks using the flaw have prompted us to create a specific scan template to identify this vulnerability.
AppCheck have released a scan template which will run a quicker scan and check for the above vulnerability. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.
Whilst our full security scan would pick this up, if you wanted peace of mind relating to this specific vulnerability then simply log-in and run the quick scan which you’ll find in our pre-configured scan library.
Not a customer and worried about this exploit? Get in contact for a free trial scan and a demonstration of how AppCheck can help.
As always, if you require any more information on this topic or want to see how AppCheck can help find vulnerabilities in your applications and infrastructure then please get in contact with us: info@appcheck-ng.com
No software to download or install.
Contact us or call us 0113 887 8380
