Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Pulse Connect Secure – Unauthenticated Arbitrary File Read (CVE-2019-11510)

Harsh_Chawla
F5 Employee
F5 Employee

on ‎26-Aug-2019 16:33

Recently an unauthenticated arbitrary file read vulnerability was discovered in Pulse Secure “Pulse Connect Secure” VPN servers. The vulnerability allows an unauthenticated remote attacker to send a specially crafted URI to read an arbitrary file. The vulnerability affects the following versions:

  • 8.1R15.1, 8.2 before 8.2R12.1
  • 8.3 before 8.3R7.1
  • and 9.0 before 9.0R3.4

 

Exploits targeting this vulnerability were posted online a few days ago and researchers at F5 Networks have already detected threat campaigns targeting this vulnerability.

 

Mitigation with BIG-IP ASM

ASM customers under any supported BIG-IP version are already protected against this vulnerability.

 

While exploiting this vulnerability, an attacker will try to send a malicious HTTP GET request containing a path to the file that the attacker wants to read.

Figure 1 Request example containing the exploitation attempt

 

The exploitation attempt will be detected by many existing signatures to detect “Path traversal”, “Detection Evasion”, and “Predictable Resource Location”.

 

Figure 2 Exploit blocked with Attack Signature (200003056)

 

Figure 3 Exploit blocked with Attack Signature (200101550)

 

Figure 4 Exploit blocked by Directory Traversal evasion technique

Labels:
Comments
miladmin
Nimbostratus
Nimbostratus
‎29-Sep-2019 00:50

thanks  

0 Kudos
Version history
Last update:
‎26-Aug-2019 16:33
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC