Reset Search



JSA10398 - Security Vulnerability in Pulse Connect Secure Platforms) RADIUS authentication mechanism

« Go Back


Product AffectedPCS: 6.0R1; 6.0R2; 6.0R3; 6.0R3.1; 6.1R1; 6.1R2; 6.1R3; 6.1R4, 6.1R5; 6.1R6
This Security Advisory is an addendum to PSN 2008-05-007.

Affected releases:
6.0R1; 6.0R2; 6.0R3; 6.0R3.1
6.1R1; 6.1R2; 6.1R3; 6.1R4, 6.1R5; 6.1R6
Pulse Secure recommends that each customer review their currently deployed software and upgrade if required.

Pulse Secure has resolved this issue in the following releases and later:
6.0R3.2, 6.0R4.3, 6.0R5 and higher
6.1R2.1 and 6.1R7 and higher
6.2R1 and higher
6.3R1 and higher

This vulnerability is not present in any 5.x or older versions of PCS.

Pulse Secure will be removing software, which through a process fault, does not have the fix for Security Advisory PSN 2008-05-007. This will minimize the risk to customers inadvertently deploying software which they would have otherwise believed to be "fixed." This removal will be effective immediately for the following releases of PCS OS.:

6.0R1 software ONLY
6.0R3.1 Software and release notes
6.1R1 Software ONLY
6.1R2 Software and release notes
6.1R3 Software and release notes
6.1R4 Software and release notes
6.1R5 Software and release notes
6.1R6 Software and release notes

Please upgrade to a validated fixed version if you have deployed any of these images.
Related Links
To download the latest software, please go to
CVSS Score
Risk AssessmentIf RADIUS is being used as the authentication mechanism on the Pulse Connect Secure platform running an affected release of the PCS OS then in a specific scenario, an unauthenticated user may be able to get past the authentication step of the PCS OS login.
Alert TypePSN - Product Support Notification
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy IDPSN-2009-03-253, JSA10398



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255