A weak cipher issue has been discovered on the Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) devices. When configuring the device to use a higher level cipher setting, a lower level cipher was unexpectedly enabled in error. While clients should always negotiate the use of the highest available cipher, older clients may have negotiated a lower and therefore less secure cipher.
Pulse Secure SIRT is not aware of any malicious exploitation of this vulnerability.
No other Pulse Secure products or platforms are affected by this issue.
This issue has been assigned CVE-2014-3812