CVE-2019-11510

ENISA EUVD: EUVD-2019-3183 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 12 articles Published: 2019-05-08

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

94.46%

probability

This CVE has a 94.46% probability of being exploited in the next 30 days.

0% Top 100.0th percentile of all CVEs 100%

CVSS v3.0

Source: VulnerabilityLookup (CIRCL)

9.9

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N

CVSS v2 (legacy)

7.5

HIGH

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Affected Products

n/a

ivanti

connect secure

n/a

Attack Intelligence

CWE-22 · Path Traversal CWE-664 · Improper Control of a Resource Through its Lifetime CWE-706 · Use of Incorrectly-Resolved Name or Reference

Exploits & PoC

projectzeroindia/CVE-2019-11510

Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)

362 2020-01-11

BishopFox/pwn-pulse

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

135 2020-01-15

jas502n/CVE-2019-11510-1

SSL VPN Rce

52 2019-08-27

imjdl/CVE-2019-11510-poc

Pulse Secure SSL VPN pre-auth file reading

50 2019-08-26

cisagov/check-your-pulse

This utility can help determine if indicators of compromise (IOCs) exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510.

28 2020-08-19

r00tpgp/http-pulse_ssl_vpn.nse

Nmap NSE script to detect Pulse Secure SSL VPN file disclosure CVE-2019-11510

18 2019-08-27

aqhmal/pulsexploit

Automated script for Pulse Secure SSL VPN exploit (CVE-2019-11510) using hosts retrieved from Shodan API. You must have a Shodan account to use this s

9 2020-04-25

es0/CVE-2019-11510_poc

PoC for CVE-2019-11510 | Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure vulnerability

5 2019-08-27

34zY/APT-Backpack

cve-2019-11510, cve-2019-19781, cve-2020-5902, cve-2021-1497, cve-2021-20090, cve-2021-22006, cve-2021-22205, cve-2021-26084, cve-2021

3 2023-04-19

andripwn/pulse-exploit

Pulse Secure SSL VPN exploit (CVE-2019-11510) using hosts retrieved from Shodan API.

1 2020-07-27

pwn3z/CVE-2019-11510-PulseVPN

1 2020-11-05

nuc13us/Pulse

Pulse Secure VPN CVE-2019-11510

0 2026-02-06

jason3e7/CVE-2019-11510

0 2019-08-29

13 repos — triés par ⭐ Rechercher sur GitHub ↗

https://kb.pulsesecure.net/?atype=sa

x_refsource_MISC

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

x_refsource_CONFIRM

http://www.securityfocus.com/bid/108073

vdb-entry x_refsource_BID

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010

x_refsource_CONFIRM

http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html

x_refsource_MISC

https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

75%

EPSS 94.46%

CVSS v3.0 9.9

Mentions 12

Last Seen May 08, 2025

CNA Information

CNA Assigner

mitre

Analyst Note

CVE-2019-11510 is identified as a Pulse Secure VPN zero-day in BleepingComputer reporting active exploitation against defense firms and government organizations. The 2019 publication year combined with explicit zero-day designation and documented in-the-wild attacks meets zero-day criteria, though specific patch timing details are unavailable.