Skip to main content

Special Announcement

  • 25 Jun 2024

    Announcement for Change of Chinese Name

    Please note that the Chinese name of HKCERT is changed from 「香港電腦保安事故協調中心」 to 「香港網絡安全事故協調中心」 with immediate effect.

    The English name, abbreviation, web address and email address remained unchanged.

Critical Pulse Secure VPN Vulnerability (CVE-2019-11510) Alert

Release Date: 6 Sep 2019 6743 Views

Bad Packets recently stated in a security blog [1] that they detected an internet-wide opportunistic scanning activity targeting Pulse Secure VPN endpoints vulnerable to CVE-2019-11510 [2]. This arbitrary file reading vulnerability allows sensitive information disclosure, enabling unauthenticated attackers to access private keys and user password. Further exploitation can lead to remote command injection (CVE-2019-11539) and allow attackers to gain access to the private VPN network and seize control (CRITICAL RISK).

Hong Kong computers are not spared from this vulnerability. According to information from a reliable source, over 150 local IP addresses have been affected by it. HKCERT has already notified the corresponding network providers and organisations to take appropriate remedial action.

The affected products include:

  • Pulse Connect Secure 9.0RX
  • Pulse Connect Secure 8.3RX
  • Pulse Connect Secure 8.2RX
  • Pulse Connect Secure 8.1RX
  • Pulse Policy Secure 9.0RX
  • Pulse Policy Secure 5.4RX
  • Pulse Policy Secure 5.3RX
  • Pulse Policy Secure 5.2RX
  • Pulse Policy Secure 5.1RX

 

The Pulse Secure Security Advisory SA44101 [3] has provided information on this vulnerability. Security fixes are available for different versions of software. Users are recommended to upgrade to the corresponding version with the fix ASAP.

[Updated 8-Oct-2019]: We noticed these vulnerabilities were reported being used in scattered attacks. [4][5]



Notes:
[1] https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510
[3] https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
[4] https://www.us-cert.gov/ncas/current-activity/2019/10/04/vulnerabilities-exploited-multiple-vpn-applications
[5] https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities