Reset Search
 

 

Article

JSA10414 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Security Bundle - Admin Issue

« Go Back

Information

 
Product AffectedPCS: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA 6500
PPS: IC4000, IC4500, IC6000, IC6500 SA 3000 FIPS, SA 5000 FIPS, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS
Problem
Admin vulnerability found and fixed through a combination of internal and external proactive security testing:
- When an admin uses certain sub-menus within the console, a timeout is not enforced
Solution
Upgrade is recommended to the following or later releases:
- PCS: 6.0R12; 6.1R8; 6.2R6; 6.3R5; 6.4R2; 6.5R1
- PPS: 3.0R2

No workaround exists for this issue.

Software upgrades recommended in this Security Advisory are synchronized with the recommendations in other bulletins (JSA10413 and JSA10415). This enables customers to upgrade once and have all issues resolved with the upgrade.
Workaround
Implementation
Related Links
Patched Software Release Service Packages are available at Pulse Secure Licensing and Download Center: https://my.pulsesecure.net. Documentation links to the relevant software’s are also available at Pulse Secure Licensing and Download Center.
CVSS Score
Risk AssessmentAdmin needs to be on the console, be in certain sub-menus and stay in this sub-menu. Another user coming to the console will not be asked for credentials, and can continue using the console as it does not time out, as if it is not password protected.
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy IDPSN-2009-10-539, JSA10414

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255