PatchSiren

PatchSiren cyber security CVE debrief

CVE-2019-11539 Ivanti CVE debrief

CVE-2019-11539 is a command injection vulnerability affecting Ivanti Pulse Connect Secure and Pulse Policy Secure. In the supplied CISA KEV entry, it is marked as known exploited and noted for known ransomware campaign use, making it a high-priority issue for any organization still running affected deployments.

Vendor: Ivanti
Product: Pulse Connect Secure and Pulse Policy Secure
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2021-11-03
Original CVE updated: 2021-11-03
Advisory published: 2021-11-03
Advisory updated: 2021-11-03

Who should care

Administrators and security teams responsible for Ivanti Pulse Connect Secure and Pulse Policy Secure, especially vulnerability management and incident response teams tracking CISA Known Exploited Vulnerabilities.

Technical summary

The supplied sources identify CVE-2019-11539 as a command injection vulnerability in Ivanti Pulse Connect Secure and Pulse Policy Secure. CISA’s Known Exploited Vulnerabilities catalog records it as actively exploited and includes the note that it has known ransomware campaign use. The KEV entry instructs affected parties to apply updates per vendor instructions.

Defensive priority

High

Recommended defensive actions

  • Apply updates per vendor instructions as directed in the CISA KEV entry.
  • Inventory all Ivanti Pulse Connect Secure and Pulse Policy Secure deployments to confirm whether any affected instances remain.
  • Prioritize remediation for any exposed or internet-facing systems.
  • Verify patch completion and document remediation status for vulnerability management tracking.
  • Review relevant authentication, administration, and system logs for suspicious activity around affected systems.

Evidence notes

The evidence corpus consists of the CISA KEV source item plus official CVE and NVD record links. The CISA KEV metadata explicitly names CVE-2019-11539, classifies it as a command injection vulnerability, marks it as known exploited, records known ransomware campaign use, and gives the action to apply updates per vendor instructions. No CVSS score was provided in the supplied data.

Official resources

This debrief is based only on the supplied CVE record, CISA KEV metadata, and official reference links. The CVE publication and modification dates provided in the source data are 2021-11-03, and the KEV entry uses the same date for its add/