Reset Search
 

 

Article

JSA10536 - 2012-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Specifically crafted https packet may cause denial of service

« Go Back

Information

 
Product AffectedPCS700, PCS2000, PCS2500, PCS4000, PCS4000 FIPS, PCS4500, PCS4500 FIPS, PCS6000, PCS6000 FIPS, PCS6500, PCS6500 FIPS, PPS4000, PPS4500, PPS6000, PPS6500, PPS6500 FIPS, MAG PCS2600, MAG PCS4610, MAG PCS6610, MAG PCS6611
Problem
A denial of service issue was found in the Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) system software. A specific malformed https packet can potentially cause a system service to crash. After the crash takes place. the system will restart the affected service and return to an operational state. If the issue was ongoing however, there could be an extended loss of service.

This issue was found during internal product security testing.

Pulse Secure is not aware of any malicious exploitation of this vulnerability.
Solution
Software updates to PCS and PPS have been released to resolve this issue. Releases containing the fix include PCS 7.2r1, 7.1r8, and all subsequent releases. The PPS versions with the fix include: 4.2r1, 4.1r8, and all subsequent releases.
Workaround
Implementation
Software release Service Packages are available at https://www.pulsesecure.net/support from the "Download Software" links.
Related Links
CVSS Score7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Risk AssessmentA DoS (denial of service) attack against a device could cause a temporary loss of connectivity for users. The system watchdog would restart the affected service, so users may or may not notice the issue. If the issue was ongoing however, there could be an
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy IDPSN-2012-09-711, JSA10536

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255