Reset Search



JSA10590 - 2013-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Crafted packet can cause denial of service

« Go Back


Product AffectedSA 4000, SA 6000, SA4500, FIPS SA4500, FIPS SA6000, SA6500, FIPS SA6500, MAG6610 with SM360 blade, MAG6611 with SM360 blade, IC6500, and the following PPS platforms do not come with the card by default, but it can be added to the systems: IC4000, IC4500
A denial of service (DoS) issue has been found on the Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) devices. This issue can cause the system to hang ultimately requiring a restart to bring the system back into service. This issue only applies to devices that contain the hardware SSL acceleration card and have it enabled.

This issue was found during security testing and reported to Pulse Secure by a third party security researcher who utilized responsible disclosure when reporting this issue.

Pulse Secure SIRT is not aware of any malicious exploitation of this vulnerability.
Software updates to PCS and PPS have been released to resolve this issue. Releases containing the fix include PCS 7.1r15, 7.2r10, 7.3r6, and 7.4r3 and PPS 4.1r8.1, 4.2r5, 4.3r6 and 4.4r3.
Disabling the hardware SSL acceleration card will prevent this issue from occurring.

Console directions: To disable the hardware SSL acceleration card via console, first connect to the console port, then choose option "10" from the menu, which is "10. Toggle SSL HW Acceleration (system will reboot when this setting is modified)"

Admin page directions: To disable the hardware SSL acceleration card via admin page (https), log into the PCS / PPS admin page, then go to: Maintenance --> System --> Options, uncheck the following option:
Enable SSL acceleration. The system will reboot when this setting is modified.
Use SSL acceleration to offload SSL operations from the main CPU. This can significantly improve performance.
Related Links
CVSS Score7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Risk Assessment
 Pulse Secure SIRT would like to acknowledge and thank Kenny Herold for responsibly reporting this vulnerability.
Alert Type 
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy IDJSA10590



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255