Bad Packets provides critical vulnerability data impacting Pulse Secure and Citrix VPN servers to government CERT teams, ISAC organizations, and law enforcement agencies worldwide. Our scan results are also available to purchase for commercial use.
Bad Packets® CTI vulnerability reports include:
∙ IP address
∙ Netblock (BGP prefix in CIDR format)
∙ Autonomous system name and number (ASN)
∙ Country
∙ Reverse DNS
∙ SSL certificate organization and common name
∙ Detection date timestamp (ISO 8601)
∙ Proof-of-concept demonstrating the vulnerability
*** Pulse Secure VPN vulnerability CVE-2019-11510 ***
This arbitrary file read vulnerability lets unauthenticated attackers disclose sensitive information, including private keys and user passwords. Further exploitation using the leaked credentials can lead to remote command injection (CVE-2019-11539) and allow attackers to gain access inside private VPN networks.
Bad Packets® CVE-2019-11510 summary report:
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
*** Citrix (NetScaler) Gateway vulnerability CVE-2019-19781 ***
This critical vulnerability allows unauthenticated remote attackers to execute commands (RCE) on targeted Citrix Application Delivery Controller (ADC) and Citrix Gateway (also known as NetScaler Gateway) servers after chaining an arbitrary file read/write (directory traversal) flaw. Further exploitation can allow threat actors to gain a foothold inside private networks and conduct additional malicious activity, such as spreading ransomware.
Bad Packets® CVE-2019-19781 summary report:
https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/
*** F5 BIG-IP vulnerability CVE-2020-5902 ***
This critical vulnerability allows unauthenticated attackers with network access to the vulnerable F5 server to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code.
Bad Packets® CVE-2020-5902 summary report:
https://badpackets.net/over-1800-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/