


JSA10536 - 2012-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Specifically crafted https packet may cause denial of service



Product Affected: PCS700, PCS2000, PCS2500, PCS4000, PCS4000 FIPS, PCS4500, PCS4500 FIPS, PCS6000, PCS6000 FIPS, PCS6500, PCS6500 FIPS, PPS4000, PPS4500, PPS6000, PPS6500, PPS6500 FIPS, MAG PCS2600, MAG PCS4610, MAG PCS6610, MAG PCS6611

A denial of service issue was found in the Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) system software. A specific malformed HTTPS packet can potentially cause a system service to crash. After the crash takes place, the system will restart the affected service and return to an operational state. If the issue were ongoing, however, there could be an extended loss of service.

This issue was found during internal product security testing.

Pulse Secure is not aware of any malicious exploitation of this vulnerability.
Software updates to PCS and PPS have been released to resolve this issue. PCS releases containing the fix include 7.2r1, 7.1r8, and all subsequent releases. PPS releases containing the fix include 4.2r1, 4.1r8, and all subsequent releases.

Software release Service Packages are available from the "Download Software" links.
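An added example, not part of the original bulletin and not Pulse Secure code: a check of an appliance inventory against the fixed releases listed above. The `7.1R8`-style version format (with an optional build suffix), the status names and the inventory entries are assumptions constructed for illustration.

```python
import re

# First fixed release per branch, as listed in the bulletin.
FIRST_FIXED = {
    "PCS": {(7, 1): 8, (7, 2): 1},   # PCS 7.1r8, 7.2r1
    "PPS": {(4, 1): 8, (4, 2): 1},   # PPS 4.1r8, 4.2r1
}

# Assumed version format: <major>.<minor>R<release>[.<build>], e.g. "7.1R8".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)[rR](\d+)(?:\.\d+)?\s*$")

def parse_version(text):
    """Return ((major, minor), release) or raise ValueError."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, release = (int(g) for g in m.groups())
    return (major, minor), release

def fix_status(product, version):
    """Classify a release as 'fixed', 'needs-update' or 'no-fix-listed'."""
    branches = FIRST_FIXED[product.upper()]
    branch, release = parse_version(version)
    if branch in branches:
        # Same branch: compare against the first fixed release in it.
        return "fixed" if release >= branches[branch] else "needs-update"
    if branch > max(branches):
        return "fixed"  # later branch: covered by "all subsequent releases"
    return "no-fix-listed"  # older branch: the bulletin names no fixed release

def audit(inventory):
    """Return (host, product, version, status) for every entry not 'fixed'."""
    rows = [(h, p, v, fix_status(p, v)) for h, p, v in inventory]
    return [row for row in rows if row[3] != "fixed"]

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("vpn-edge-1.example.test", "PCS", "7.1R7"),
    ("vpn-edge-2.example.test", "PCS", "7.2R1"),
    ("nac-1.example.test", "PPS", "4.1R8.1"),
    ("vpn-lab.example.test", "PCS", "7.0R9"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding)
```

An entry reported as `no-fix-listed` runs a branch for which the bulletin names no fixed release, so it should be planned for an upgrade to one of the listed releases.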
CVSS Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Risk Assessment: A DoS (denial of service) attack against a device could cause a temporary loss of connectivity for users. The system watchdog would restart the affected service, so users may or may not notice the issue. If the issue was ongoing however, there could be an
Alert Type: PSN - Product Support Notification
Risk Level: High
Legacy ID: PSN-2012-09-711, JSA10536


