
JSA10590 - 2013-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Crafted packet can cause denial of service

Product Affected: SA 4000, SA 6000, SA4500, FIPS SA4500, FIPS SA6000, SA6500, FIPS SA6500, MAG6610 with SM360 blade, MAG6611 with SM360 blade, IC6500. The following PPS platforms do not come with the card by default, but it can be added to the systems: IC4000, IC4500
Problem
A denial of service (DoS) issue has been found on Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) devices. This issue can cause the system to hang, ultimately requiring a restart to bring the system back into service. This issue only applies to devices that contain the hardware SSL acceleration card and have it enabled.

This issue was found during security testing and reported to Pulse Secure by a third-party security researcher who used responsible disclosure when reporting it.

Pulse Secure SIRT is not aware of any malicious exploitation of this vulnerability.
Solution
Software updates to PCS and PPS have been released to resolve this issue. Releases containing the fix include PCS 7.1r15, 7.2r10, 7.3r6, and 7.4r3 and PPS 4.1r8.1, 4.2r5, 4.3r6 and 4.4r3.
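
The following Python check is an added example, not code from the bulletin or from Pulse Secure: it classifies an inventory entry using the fixed releases listed above and the Problem section's condition that the hardware SSL acceleration card is enabled. The version string format (`7.2R9`, `4.1r8.1`), the inventory rows, and the treatment of later releases on a listed branch as fixed are assumptions.

```python
import re

# Fixed releases per branch, taken from the Solution section of this bulletin.
FIXED = {
    "PCS": {(7, 1): (15, 0), (7, 2): (10, 0), (7, 3): (6, 0), (7, 4): (3, 0)},
    "PPS": {(4, 1): (8, 1), (4, 2): (5, 0), (4, 3): (6, 0), (4, 4): (3, 0)},
}

# Assumed version syntax: MAJOR.MINORrN with an optional .M suffix (e.g. 4.1r8.1).
_VERSION = re.compile(r"^(\d+)\.(\d+)[rR](\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Split 'MAJOR.MINORrN[.M]' into ((major, minor), (release, patch))."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, rel, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, patch)


def assess(product, version, ssl_hw_accel_enabled):
    """Return 'not-exposed', 'fixed', 'vulnerable' or 'unknown-branch'."""
    # The bulletin limits the issue to devices with the card present and enabled.
    if not ssl_hw_accel_enabled:
        return "not-exposed"
    branch, release = parse_version(version)
    fixed = FIXED[product.upper()].get(branch)
    if fixed is None:
        # The bulletin names no fixed release for this branch; do not guess.
        return "unknown-branch"
    # Assumption: later releases on the same branch also carry the fix.
    return "fixed" if release >= fixed else "vulnerable"


# Constructed inventory rows: (hostname, product, version, accel enabled).
INVENTORY = [
    ("vpn-a", "PCS", "7.2R9", True),
    ("vpn-b", "PCS", "7.4r3", True),
    ("nac-a", "PPS", "4.1r8", True),
    ("nac-b", "PPS", "4.1r8.1", True),
    ("vpn-c", "PCS", "7.1r12", False),
    ("vpn-d", "PCS", "7.0r4", True),
]

if __name__ == "__main__":
    for host, product, version, accel in INVENTORY:
        print(f"{host:6} {product} {version:8} {assess(product, version, accel)}")
```

Entries reported as `unknown-branch` run a release train for which this bulletin names no fixed version and need to be checked against vendor guidance separately.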
Workaround
Disabling the hardware SSL acceleration card will prevent this issue from occurring.

Console directions: To disable the hardware SSL acceleration card via the console, first connect to the console port, then choose option "10" from the menu, which is "10. Toggle SSL HW Acceleration (system will reboot when this setting is modified)".

Admin page directions: To disable the hardware SSL acceleration card via the admin page (https), log into the PCS / PPS admin page, then go to Maintenance --> System --> Options and uncheck the following option:
 
Enable SSL acceleration. The system will reboot when this setting is modified.
Use SSL acceleration to offload SSL operations from the main CPU. This can significantly improve performance.
CVSS Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Acknowledgements
 Pulse Secure SIRT would like to acknowledge and thank Kenny Herold for responsibly reporting this vulnerability.
Risk Level: High
Legacy ID: JSA10590
