New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 9
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
According to its self-reported version, the version of Pulse Policy Secure running on the remote host is affected by multiple vulnerabilities.
- A session hijacking vulnerability exists in PPS. An unauthenticated, remote attacker can exploit this, to perform actions in the user or administrator interface with the privileges of another user. (CVE-2019-11540)
- Multiple vulnerabilities found in the admin web interface of PPS (CVE-2019-11543, CVE-2019-11542, CVE-2019-11539, CVE-2019-11509)
- Multiple vulnerabilities found in Network File Share (NFS) of PPS , allows the attacker to read/write arbitrary files on the affected device. (CVE-2019-11538, CVE-2019-11508)
Refer to the vendor advisory for additional information.
Solution
Upgrade to the appropriate version referenced in the advisory.