By Dor Cohen, Senior Cyber Security Researcher
On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.
BadPackets analyzed the number of Pulse Secure VPN endpoints vulnerable to the CVE-2019-11510. Using the online scanning service BinaryEdge the researchers found 41,850 Pulse Secure VPN endpoints exposed online, 14,528 of them vulnerable to CVE-2019-11510.
Read BadPackets’ advisory
Most of the vulnerable hosts were in the U.S., followed by Japan and the U.K.
Country |
Count of Vulnerable Hosts |
United States |
5,010 |
Japan |
1,511 |
United Kingdom |
830 |
Germany |
789 |
France |
626 |
Netherlands |
420 |
Israel |
406 |
Switzerland |
307 |
Canada |
296 |
South Korea |
281 |
All Other Countries |
4,052 |
The researchers also analyzed the distribution of the vulnerable hosts by industry and discovered that the flaw affects hosts in:
- Electric utilities
- U.S. military, federal, state, and local government agencies
- Public universities and schools
- Hospitals and health care providers
- Major financial institutions
- Numerous Fortune 500 companies
BadPackers did not disclose the list of affected organizations to avoid that threat actors will target them.

BadPackets analyzed the number of Pulse Secure VPN endpoints vulnerable to the CVE-2019-11510. Using the online scanning service BinaryEdge the researchers found 41,850 Pulse Secure VPN endpoints exposed online, 14,528 of them vulnerable to CVE-2019-11510.