CVE-2019-11539

This Metasploit module exploits a post-auth command injection vulnerability in Pulse Secure VPN (CVE-2019-11539) to execute arbitrary commands as root. It bypasses application whitelisting using the env(1) command and leverages a valid administrator session ID for authentication.

This exploit leverages CVE-2019-11539 to achieve post-authentication remote code execution on Pulse Secure VPN appliances. It injects commands via a tcpdump diagnostic tool to overwrite system files, enabling SSH access as root.

This repository contains a functional Python exploit for CVE-2019-11539, which targets an authenticated command injection vulnerability in Pulse Secure Pulse Connect Secure. The exploit logs in as an admin, injects commands via a tcpdump diagnostic feature, and overwrites SSH configuration files to enable root access.

This Metasploit module exploits a post-authentication command injection vulnerability in Pulse Secure VPN servers (CVE-2019-11539) by leveraging the env(1) command to bypass application whitelisting and execute arbitrary commands as root. It requires a valid administrator session ID and uses a CSRF token to craft malicious requests to the diagnostic CGI endpoint.