The Radiflow Security Blog

Bad Packets warns of over 14,500 Pulse Secure VPN Endpoints vulnerable to CVE-2019-11510
September 3, 2019
By Dor Cohen, Senior Cyber Security Researcher

On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.

BadPackets analyzed the number of Pulse Secure VPN endpoints vulnerable to the CVE-2019-11510. Using the online scanning service BinaryEdge the researchers found 41,850 Pulse Secure VPN endpoints exposed online, 14,528 of them vulnerable to CVE-2019-11510.

Read BadPackets’ advisory

Most of the vulnerable hosts were in the U.S., followed by Japan and the U.K.

Country Count of Vulnerable Hosts
United States 5,010
Japan 1,511
United Kingdom 830
Germany 789
France 626
Netherlands 420
Israel 406
Switzerland 307
Canada 296
South Korea 281
All Other Countries 4,052

The researchers also analyzed the distribution of the vulnerable hosts by industry and discovered that the flaw affects hosts in:

  • Electric utilities
  • U.S. military, federal, state, and local government agencies
  • Public universities and schools
  • Hospitals and health care providers
  • Major financial institutions
  • Numerous Fortune 500 companies

BadPackers did not disclose the list of affected organizations to avoid that threat actors will target them.