{"vuid":"VU#192371","idnumber":"192371","name":"VPN applications insecurely store session cookies","keywords":["VPN","session cookies","CVE-2019-1573","CVE-2019-11213"],"overview":"Multiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files.","clean_desc":"Virtual Private Networks(VPNs)are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CWE-311:Missing Encryption of Sensitive Data The following products and versions store the cookie insecurely in log files: - CVE-2019-1573:Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0- CVE-2019-11213: Pulse Desktop Client 9.0R2 and earlier and 5.3R6 and earlier; Pulse Connect Secure(for Network Connect customers)9.0R2 and earlier,8.3R6 and earlier,and 8.1R13 and earlier The following products and versions store the cookie insecurely in memory: - CVE-2019-1573:Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 - CVE-2019-11213:Pulse Desktop Client 9.0R2 and earlier and 5.3R6 and earlier; Pulse Connect Secure(for Network Connect customers)9.0R2 and earlier,8.3R6 and earlier,and 8.1R13 and earlier - Cisco AnyConnect 4.7.x and prior It is likely that this configuration is generic to additional VPN applications. If you believe that your organization is vulnerable,please contact CERT/CC at cert@cert.org with the affected products,version numbers,patch information,and self-assigned CVE.","impact":"If an attacker has persistent access to a VPN user's endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods. An attacker would then have access to the same applications that the user does through their VPN session.","resolution":"Apply an update\nCVE-2019-1573\nPalo Alto Networks GlobalProtect Agent version 4.1.1 and later for Windows and GlobalProtect Agent version 4.1.11 and later for macOS patch this vulnerability. CVE-2019-11213\nUpdate Pulse Secure Desktop Client and Network Connect to the following versions: Desktop Client\n- Pulse Secure Desktop 9.0R3 and above\n- Pulse Secure Desktop 5.3R7 and above\n- Note:  For Pulse Desktop Client customer, this is a client-side fix only and does not require a server-side upgrade. Network Connect\n- Pulse Connect Secure 9.0R3 and above\n- Pulse Connect Secure 8.3R7 and above\n- Pulse Connect Secure 8.1R14 and above CERT/CC is unaware of any patches at the time of publishing for Cisco AnyConnect.","workarounds":"","sysaffected":"","thanks":"Thanks to the National Defense ISAC Remote Access Working Group for reporting this vulnerability.","author":"This document was written by Madison Oliver.","public":["https://securityadvisories.paloaltonetworks.com/Home/Detail/146","https://vuldb.com/?id.133258","https://cwe.mitre.org/data/definitions/311.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/","http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1573"],"cveids":["CVE-2019-1573","CVE-2019-11213"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2019-01-17T14:08:18Z","publicdate":"2019-04-10T00:00:00Z","datefirstpublished":"2019-04-11T13:55:21Z","dateupdated":"2019-04-24T15:03:05Z","revision":69,"vrda_d1_directreport":"1","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5.7","cvss_basevector":"AV:L/AC:L/Au:S/C:C/I:P/A:P","cvss_temporalscore":"4.5","cvss_environmentalscore":"4.4992315386018","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}