JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues

« Go Back

Information

Product Affected	Affected Hardware: PCS: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA 6500, FIPS SA 4000, FIPS SA 6000 PPS: IC4000, IC4500, IC6000, IC6500, FIPS IC 4000, FIPS IC 6000

Problem

Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing:
- Issue in archiving web page
- Dig parameter injection issue in troubleshooting web page

Solution

Pulse Secure recommends upgrading to one of the following or later releases:
PCS: 5.5R7.1; 6.0R8; 6.1R7; 6.2R3; 6.3R2
PPS: 2.2R3

No workarounds exist for these issues. Software upgrades recommended in this Security Advisory are synchronized with the recommendations in other (JSA10401 and JSA10402). This enables customers to upgrade once and have all issues resolved with the upgrade.

Workaround

Implementation

Related Links

Software Release Service Packages are available at Pulse Secure Licensing and Download Center: https://my.pulsesecure.net. Documentation links to the relevant software’s are also available at Pulse Secure Licensing and Download Center.

CVSS Score

Risk Assessment	You need to be logged in as Admin however the Admin can be "tricked" into triggering the bug.

Acknowledgements

Alert Type	PSN - Product Support Notification

Risk Level	Low

Attachment 1

Attachment 2

Legacy ID	PSN-2009-03-248, JSA10400

Related Articles

JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues

Information

Feedback

Was this article helpful?