KB43597 - Impact of CVE-2017-5753 (Bounds Check bypass, AKA Spectre), CVE-2017-5715 (Branch Target Injection, AKA Spectre) and CVE-2017-5754 (Meltdown) on Pulse Secure Products

Information

 
Last Modified Date: 1/6/2018 1:56 AM
Synopsis
This article provides detailed information about the impact of the following three side-channel attacks on Pulse Secure products.
  • CVE-2017-5753 (Bounds Check bypass, AKA Spectre)
  • CVE-2017-5715 (Branch Target Injection, AKA Spectre)
  • CVE-2017-5754 (Meltdown) 

 
Problem or Goal
Cause
Solution
 
  • The PSA series, MAG Series, Secure Access X500 series and Infranet Controller X500 series models that host Pulse Connect Secure, Pulse Policy Secure and Pulse One Appliance (on-prem) solutions are not vulnerable. This issue can only be exploited by software that has local access, and the above-mentioned products are designed to only allow trusted software provided by Pulse Secure to run on these platforms, which effectively mitigates any risk of side-channel analysis from these attacks.
 
  • Pulse Secure Virtual Appliances (SPE) may be impacted by this issue depending on the version of the hypervisor (i.e. ESXi, KVM, or Hyper-V) that hosts the Pulse Secure Virtual Appliance instance. Please check with the respective hypervisor vendor for their recommendations on how to mitigate any risks from these issues.
 
 
  • Pulse One Cloud solution and Pulse Workspace solution: Neither of these cloud-based solutions is vulnerable to these CVEs.
 
  • vADC (vTM, Services Director, vWAF) Software Installation: May be impacted by this issue only if executing on a platform vulnerable to these side-channel attacks (e.g. operating system).
 
  • vADC (Services Director) Virtual Appliances: May be impacted by this issue only if executing on a platform vulnerable to these side-channel attacks (e.g. hypervisor).
 
  • vADC (vTM, vWAF) Virtual Appliances and Bare-Metal: Vulnerable. In addition, these may be impacted if executing on a platform vulnerable to these side-channel attacks (e.g. hypervisor). We are currently assessing mitigation options, including but not limited to a fix, which is awaiting the delivery of patches from the third-party OS vendor. Please refer to https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown for additional information on the delivery of the patches from the third-party OS vendor.

Related Issue:
  • Pulse Desktop Windows Client: After installing Microsoft Patch KB4056892, end-users that use Pulse Client to initiate the connection may not be able to connect to the PCS/PPS gateway due to Host Checker failures. Please refer to KB43600 for more details and the latest updates on this issue. 
Created By: Ruchit Sheth
