Language:
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 10
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
Severity: High
ID: 127897
File Name: pulse_connect_secure_path_traversal.nbin
Version: 1.25
Type: remote
Family: CGI abuses
Published: 8/16/2019
Updated: 1/29/2021
Dependencies: 109921
Risk Factor: High
VPR Score: 10
CVSS Score Source: CVE-2019-11510
CVSS Score Rationale: Unauthenticated path traversal that leads to remote command exection.
Base Score: 7.5
Temporal Score: 6.2
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:F/RL:OF/RC:C
Base Score: 10
Temporal Score: 9.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: E:F/RL:O/RC:C
CPE: cpe:/a:pulsesecure:pulse_connect_secure
Required KB Items: installed_sw/Pulse Connect Secure
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 4/24/2019
Vulnerability Publication Date: 4/24/2019
Elliot (Pulse Connect Secure File Disclosure)
CVE: CVE-2019-11510
BID: 108073
IAVA: 2019-A-0309-S, 0001-A-0001-S