JSA10414 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Security Bundle - Admin Issue

« Go Back

Information

Product Affected	PCS: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA 6500 PPS: IC4000, IC4500, IC6000, IC6500 SA 3000 FIPS, SA 5000 FIPS, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS

Problem

Admin vulnerability found and fixed through a combination of internal and external proactive security testing:
- When an admin uses certain sub-menus within the console, a timeout is not enforced

Solution

Upgrade is recommended to the following or later releases:
- PCS: 6.0R12; 6.1R8; 6.2R6; 6.3R5; 6.4R2; 6.5R1
- PPS: 3.0R2

No workaround exists for this issue.

Software upgrades recommended in this Security Advisory are synchronized with the recommendations in other bulletins (JSA10413 and JSA10415). This enables customers to upgrade once and have all issues resolved with the upgrade.

Workaround

Implementation

Related Links

Patched Software Release Service Packages are available at Pulse Secure Licensing and Download Center: https://my.pulsesecure.net. Documentation links to the relevant software’s are also available at Pulse Secure Licensing and Download Center.

CVSS Score

Risk Assessment	Admin needs to be on the console, be in certain sub-menus and stay in this sub-menu. Another user coming to the console will not be asked for credentials, and can continue using the console as it does not time out, as if it is not password protected.

Acknowledgements

Alert Type	PSN - Product Support Notification

Risk Level	Medium

Attachment 1

Attachment 2

Legacy ID	PSN-2009-10-539, JSA10414

Related Articles

JSA10414 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Security Bundle - Admin Issue

Information

Feedback

Was this article helpful?