Pulse Connect Secure – Unauthenticated Arbitrary File Read (CVE-2019-11510)

Recently an unauthenticated arbitrary file read vulnerability was discovered in Pulse Secure “Pulse Connect Secure” VPN servers. The vulnerability allows an unauthenticated remote attacker to send a specially crafted URI to read an arbitrary file. The vulnerability affects the following versions:

  • 8.1R15.1, 8.2 before 8.2R12.1
  • 8.3 before 8.3R7.1
  • and 9.0 before 9.0R3.4


Exploits targeting this vulnerability were posted online a few days ago, and researchers at F5 Networks have already detected threat campaigns targeting it.


Mitigation with BIG-IP ASM

ASM customers under any supported BIG-IP version are already protected against this vulnerability.


To exploit this vulnerability, an attacker sends a malicious HTTP GET request containing the path to the file that the attacker wants to read.

Figure 1 Request example containing the exploitation attempt


The exploitation attempt will be detected by many existing signatures that detect “Path traversal”, “Detection Evasion”, and “Predictable Resource Location”.


Figure 2 Exploit blocked with Attack Signature (200003056)


Figure 3 Exploit blocked with Attack Signature (200101550)


Figure 4 Exploit blocked by Directory Traversal evasion technique
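
For teams that want to review web or VPN gateway access logs for the same class of request, the following is an added example, not F5 code and not the logic of the ASM signatures shown above. It flags GET-style request lines whose path contains a directory traversal segment after percent-decoding, and marks whether encoding was used to hide it. The log format, sample lines, and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from the article or any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Aug/2019:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [26/Aug/2019:10:00:02 +0000] "GET /static/../../etc/hosts HTTP/1.1" 404 0',
    '203.0.113.9 - - [26/Aug/2019:10:00:03 +0000] "GET /static/%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 404 0',
    '203.0.113.9 - - [26/Aug/2019:10:00:04 +0000] "GET /static/%252e%252e%252fetc/hosts HTTP/1.1" 404 0',
    '198.51.100.7 - - [26/Aug/2019:10:00:05 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 5  # bound the loop so crafted input cannot spin forever


def decode_fully(uri):
    """Percent-decode until stable; return (decoded, rounds that changed the value)."""
    rounds = 0
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri, rounds = decoded, rounds + 1
    return uri, rounds


def classify(line):
    """Return None for a clean line, else a dict describing the finding."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path = m.group("uri").split("?", 1)[0]
    decoded, rounds = decode_fully(path)
    # A traversal is a path *segment* equal to "..", with / or \ as separator.
    segments = re.split(r"[/\\]", decoded)
    if ".." not in segments:
        return None
    return {
        "client": line.split(" ", 1)[0],
        "uri": m.group("uri"),
        "traversal": True,
        "evasion": rounds > 0,        # traversal hidden behind encoding
        "multi_encoded": rounds > 1,  # e.g. %252e -> %2e -> .
    }

def scan(lines):
    return [f for f in map(classify, lines) if f]
```

Matching on whole path segments rather than the substring `..` keeps names such as `v1..2` from being flagged, and decoding to a fixed point catches double-encoded separators that a single decode pass would miss.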

Published Aug 26, 2019
Version 1.0
