JSA10398 - Security Vulnerability in Pulse Connect Secure Platforms) RADIUS authentication mechanism

This Security Advisory is an addendum to PSN 2008-05-007.

Affected releases:
6.0R1; 6.0R2; 6.0R3; 6.0R3.1
6.1R1; 6.1R2; 6.1R3; 6.1R4, 6.1R5; 6.1R6

Pulse Secure recommends that each customer review their currently deployed software and upgrade if required.

Pulse Secure has resolved this issue in the following releases and later:
6.0R3.2, 6.0R4.3, 6.0R5 and higher
6.1R2.1 and 6.1R7 and higher
6.2R1 and higher
6.3R1 and higher

This vulnerability is not present in any 5.x or older versions of PCS.


Pulse Secure will be removing software, which through a process fault, does not have the fix for Security Advisory PSN 2008-05-007. This will minimize the risk to customers inadvertently deploying software which they would have otherwise believed to be "fixed." This removal will be effective immediately for the following releases of PCS OS.:

6.0R1 software ONLY
6.0R3.1 Software and release notes
6.1R1 Software ONLY
6.1R2 Software and release notes
6.1R3 Software and release notes
6.1R4 Software and release notes
6.1R5 Software and release notes
6.1R6 Software and release notes

Please upgrade to a validated fixed version if you have deployed any of these images.

To download the latest software, please go to http://my.pulsesecure.net