Reset Search
 

 

Article

SA43877 - 2018-08 Security Bulletin: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop 9.0R1/9.0R2

« Go Back

Information

 
Product AffectedPulse Connect Secure, Pulse Policy Secure & Pulse Desktop Client
Problem
This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure, Pulse Policy Secure  & Pulse Desktop Clients in 9.0R1/9.0R2 releases. These issues apply to all releases prior to PCS and PPS 9.0R1 as well.

Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering (EOE) and End of Life (EOL) policies.
Solution
Additionally, these issues are resolved in the following releases:

Pulse Connect Secure:
  • 9.0R1
  • 8.3R6
  • 8.1R14
Pulse Policy Secure:
  • 9.0R1
  • 5.4R6

Pulse Secure Desktop (Windows and macOS):
  • 9.0R2
  • 5.3R6

Pulse Secure Desktop (Windows):

 
CVECVSS Score (V3)Summary
CVE-2018-162616.8 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLocal unauthorized user can gain elevated privilege access due to improper certificate handling when credential provider is enabled with Pulse Desktop Client 9.0R1 and 5.3RX before 5.3R5.

***Issue is only applicable to Pulse Secure Desktop when credential provider feature is enabled.
  Security hardening by adding Windows defense mechanisms (i.e ASLR, DEP, etc) 



Pulse Secure Desktop (macOS):

 
CVECVSS Score (V3)Summary
CVE-2018-15726

CVE-2018-15865
8.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HLocal privilege escalation with Pulse client due to the permission set. 
CVE-2018-157265.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LMetacharacter Injection was found in Pulse Pulse Secure Desktop (macOS) 9.0R1 and 5.3RX before 5.3R5.
CVE-2018-157495.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LFormat string vulnerability was found in Pulse Secure Desktop (macOS) 9.0R1 and 5.3RX before 5.3R5 allows local attacker to trigger information display (of information that should not be accessible).
 7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Information exposure issue where IPV6 DNS traffic would be sent outside of the VPN tunnel when Traffic Enforcement was enabled with Pulse Secure Desktop 9.0R1 and below.

***Applicable only to dual-stack (IPV4/IPV6) endpoints
 

Pulse Connect Secure / Pulse Policy Secure:

All issues listed below are resolved in Pulse Connect Secure and Pulse Policy Secure 9.0R1 and above:
 
CVECVSS Score (V3)Applies toSummary
CVE-2018-04868.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:NPCSXMLtooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD in Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R5.
 8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HPCS
A cross site scripting
issue has been found with rd.cgi in Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization.

**Not applicable to 8.1RX
 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NPCSA Input validation issue has been found with login_meeting.cgi in Pulse Connect Secure 8.3RX before 8.3R2.
 
10 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
PCS/PCSSession data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Connect Secure 8.3RX before 8.3R2 and Pulse Policy Secure 5.4RX before 5.3R2.

**Not applicable to PCS 8.1RX, PPS 5.2RX or stand-alone devices

 
 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NPCSA hidden RPC service issue was found with Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12.
 8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HPCS/PPSA cross site scripting issue was found with Psaldownload.cgi in Pulse Connect Secure 8.3R2 before 8.3R2 and Pulse Policy Secure 5.4RX before 5.4R2.

**Not applicable to PCS 8.1RX or PPS 5.2RX
CVE-2018-143667.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NPCS/PPSA open redirect issue was found with download.cgi with Pulse Connect Secure 8.3RX before 8.3R4, 8.1RX before 8.1R13 and Pulse Policy Secure 5.4RX before 5.4R4, 5.2RX before 5.2R10.
CVE-2018-63208.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HPCS/PPSAn issue was found with improper validation of host header with login.cgi with Pulse Connect Secure 8.3RX before 8.3R2, 8.1RX before 8.1R12 and Pulse Policy Secure 5.4RX before 5.4R2, 5.2RX before 5.2R9.
 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HPCS/PPSSpecial crafted message can cause the web server to crash with Pulse Connect Secure 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5.

**Not applicable to PCS 8.1RX
 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LPCS/PPSA cross site scripting issue has been found with PSAL in Pulse Connect Secure 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5.

**Not applicable to 8.1RX
A special thanks to Prashant BS for reporting a WordPress Vulnerability with the Pulse Secure website and has been resolved.
Workaround
Implementation
Related Links
CVSS Score
Risk Assessment
Acknowledgements
Alert Type 
Risk Level 
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255