Reset Search
 

 

Article

JSA10471 - Out of Cycle Security Bulletin: Pulse Connect Secure (PCS) Network Connect Credential Provider Issue

« Go Back

Information

 
Product AffectedSA 500, SA 700, SA 2000, SA 2500, SA 4000, SA 4500, SA 6000, SA 6500, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS
Problem
There is an issue with Network Connect Credential Provider where local machine authentication can be bypassed on Windows 7 and Vista.
Solution
The following PCS software releases have a fix for this issue: PCS 6.5R9; 7.0R4, 7.1R1 or higher. We recommend upgrading your PCS software to resolve this security vulnerability.
Workaround
None.
Implementation
Related Links
CVSS Score10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Risk AssessmentIf Network Connect Credential Provider is configured in a certain manner, user can gain unauthorized access to the client machine without authentication.
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy IDPSN-2011-03-187, JSA10471

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255