The Radiflow Security Blog
Bad Packets warns of over 14,500 Pulse Secure VPN Endpoints vulnerable to CVE-2019-11510
September 3, 2019
By Dor Cohen, Senior Cyber Security Researcher
On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.
BadPackets analyzed the number of Pulse Secure VPN endpoints vulnerable to the CVE-2019-11510. Using the online scanning service BinaryEdge the researchers found 41,850 Pulse Secure VPN endpoints exposed online, 14,528 of them vulnerable to CVE-2019-11510.
Most of the vulnerable hosts were in the U.S., followed by Japan and the U.K.
| Country | Count of Vulnerable Hosts |
| United States | 5,010 |
| Japan | 1,511 |
| United Kingdom | 830 |
| Germany | 789 |
| France | 626 |
| Netherlands | 420 |
| Israel | 406 |
| Switzerland | 307 |
| Canada | 296 |
| South Korea | 281 |
| All Other Countries | 4,052 |
The researchers also analyzed the distribution of the vulnerable hosts by industry and discovered that the flaw affects hosts in:
- Electric utilities
- U.S. military, federal, state, and local government agencies
- Public universities and schools
- Hospitals and health care providers
- Major financial institutions
- Numerous Fortune 500 companies
BadPackers did not disclose the list of affected organizations to avoid that threat actors will target them.