Reset Search



JSA10399 - Security Vulnerability in Pulse Policy Secure (PPS) software's radius authentication mechanism

« Go Back


Product AffectedIC4000, IC6000
This Security Advisory is an addendum to JSA10380.. The purpose is to notify customers of the removal of the affected releases from the Pulse Secure software download site.
Pulse Secure recommends that each customer review their currently deployed software and upgrade if required.

Pulse Secure has resolved this issue in the following releases and later:
2.1R4 and higher

This vulnerability is not present in any 2.x or older versions of PPS OS.

Pulse Secure will be removing software from the Pulse Secure Portal which does not have the fix for Security Advisory JSA10380. This will minimize the risk to customers inadvertently deploying software which they would have otherwise believed to be "fixed." This removal will be effective immediately for the following releases of PPS OS:

2.1R3 Software ONLY
2.1R2 Software ONLY
2.1R1.1 Software ONLY

Please upgrade to a validated fixed version if you have deployed any of these images.
Related Links
JSA10380 - Security Vulnerability in Pulse Policy Secure Platform’s Radius Authentication Server used in a Realm not doing Radius Proxy.

Software Release Service Packages are available at Pulse Secure Licensing and Download Center: Documentation links to the relevant software’s are also available at Pulse Secure Licensing and Download Center.
CVSS Score
Risk AssessmentIf radius is being used as the authentication mechanism on the PPS platform running an affected release of the PPS OS then in a specific scenario, an un-authenticated user may be able to get past the authentication step of the PPS OS login process.
Alert TypePSN - Product Support Notification
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy IDPSN-2009-03-256, JSA10399



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255