The script is available for download from the Bishop Fox GitHub repository, and pull requests for improvements are encouraged.
![pulse secure vulnerability pulse secure vulnerability](https://devco.re/assets/img/blog/20190902/6.png)
Provided with a hostname or IP address, the bash script:
![pulse secure vulnerability pulse secure vulnerability](https://www.bleepstatic.com/content/hl-images/2021/04/12/pule-secure-header.jpg)
In order to contribute to Bishop Fox’s mission to protect our clients, I researched the Pulse SSL VPN arbitrary file read vulnerability and developed an exploit for our penetration testers to use on their engagements.
Pulse secure vulnerability code#
Ten days after the conferences, however, 0xDezzy and Alyssa Herrera published proof-of-concept code for Metasploit that revealed the vulnerable path that was key to a functional exploit. Orange and Meh stated that their responsibility was to make the world more secure, so they chose not to release the exploit upon which all the others depended.
Pulse secure vulnerability Patch#
The presenters intentionally left key details out of their explanation of the initial attack vector to allow time for Pulse customers to patch their VPN software. They showed how this information was used to compromise a client session and gain access to a VPN network, then demonstrated additional post-authentication exploits that resulted in complete takeover of the VPN server. Orange and Meh demonstrated a pre-authentication arbitrary file read vulnerability ( CVE-2019-11510) that revealed sensitive information like VPN client credentials, private SSH keys, and session cookies. Since then, one vulnerability in particular has received a great deal of attention from the security community because of its potential to cause widespread damage.
![pulse secure vulnerability pulse secure vulnerability](https://1.bp.blogspot.com/-K1bHfUuiYJw/XW0AO73r5kI/AAAAAAAAEWI/OkyEyi6oxNEtEgDQQzyTZ0S8-zFqwlvjACLcBGAs/s1600/upload_5daceb7538024195dfa2c4709d5dec33%5B1%5D.png)
Automating Exploitation of a Pulse SSL VPN Arbitrary File Read Vulnerability IntroductionĪt this year’s Black Hat and DEFCON conferences, Orange Tsai and Meh Chang gave a talk entitled “ Infiltrating Corporate Intranet Like NSA: Pre-auth RCE on Leading SSL VPNs.” The presentation of their original research included a host of vulnerability disclosures for popular enterprise VPN products including Pulse Connect Secure.