CVE-2019-11510 Report Request
This arbitrary file reading vulnerability allows sensitive information disclosure enabling unauthenticated attackers to access private keys and user passwords. Further exploitation using the leaked credentials can lead to remote command injection (CVE-2019-11539) and allow attackers to gain access inside private VPN networks.

Bad Packets™ summary report is available here:

The list of vulnerable Pulse Secure VPN servers is freely available for authorized government CERT, CSIRT, ISAC, and law enforcement teams to review. To obtain a report of vulnerable hosts impacting your constituency, please fill out the form below.
Email address *
Name *
Your answer
Organization *
Your answer
Organization Type *
Please provide the country, autonomous system number (ASN), IP netblocks (BGP prefix in CIDR format), or domain names of your constituency: *
Your answer
This report request is for non-commercial use only and may not be modified, copied, republished, displayed, posted, or sold in any form or by any means, in whole or in part, without prior written permission from Bad Packets LLC.
Never submit passwords through Google Forms.
This form was created inside of Bad Packets LLC. Report Abuse