CVE-2019-11213

HIGH

Pulse Secure <5.3R7, <9.0R3 - Privilege Escalation

Title source: llm
STIX 2.1

Description

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.

References (3)

Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/192371

Scores

CVSS v3 8.1
EPSS 0.0248
EPSS Percentile 85.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-384
Status published
Products (3)
ivanti/connect_secure 9.0r1 - 9.0r3
pulsesecure/pulse_connect_secure 8.1r1.0 - 8.1r14.0
pulsesecure/pulse_secure_desktop_client 5.0r1.0 - 5.3r7
Published Apr 12, 2019
Tracked Since Feb 18, 2026