Pulse Policy Secure Multiple Vulnerabilities (SA44101)
High Nessus Plugin ID 124767
SynopsisThe remote host is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version, the version of Pulse Policy Secure running on the remote host is affected by multiple vulnerabilities.
- A session hijacking vulnerability exists in PPS. An unauthenticated, remote attacker can exploit this, to perform actions in the user or administrator interface with the privileges of another user. (CVE-2019-11540)
- Multiple vulnerabilities found in the admin web interface of PPS (CVE-2019-11543, CVE-2019-11542, CVE-2019-11539, CVE-2019-11509)
- Multiple vulnerabilities found in Network File Share (NFS) of PPS , allows the attacker to read/write arbitrary files on the affected device. (CVE-2019-11538, CVE-2019-11508)
Refer to the vendor advisory for additional information.
SolutionUpgrade to the appropriate version referenced in the advisory.