Field Note on CVE-2019-11510: Pulse Connect Secure SSL-VPN in the Netherlands

This Field Note describes the case of a critical unauthenticated RCE vulnerability in an SSL-VPN product that remained unpatched at a large scale-up and until after exploits became public. Approximately 14,500 systems worldwide were reportedly unpatched at the end of August 2019. Two weeks after exploits emerged in public, both GCHQ and NSA released notices that the vulnerability was being exploited by APT actors. The present Field Note describes observations from the Netherlands and includes reflections in an attempt to stimulate thinking on how to improve the status quo, such as through coordinated proactive measures by CSIRTs.