JSA10656 - 2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL "POODLE" vulnerability (CVE-2014-3566)

The SSL protocol 3.0 (SSLv3) uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack.  This issue is also known as the "POODLE" vulnerability.

SSLv3 is an older security protocol with known issues, but still exists as a fallback protocol on many devices.

Vulnerable Products

• Pulse Policy Secure
• Pulse Connect Secure

Pulse Secure is continuing to investigate our product portfolio for affected software that is not mentioned above. As new information becomes available this document will be updated.

This issue has been assigned CVE-2014-3566.
 

Last Updated : 10/21/2014 11:30 AM PST

Pulse Connect Secure and Pulse Policy Secure can be configured to disallow SSLv3 communication from client browsers and other client components to mitigate any risks from the above attack.  Pulse Secure is monitoring this issue and will continue to update this article with details. Please subscribe to this article to receive updates. \
FAQ:

How to disable SSLv3 on the Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS)? 
 

• From the admin GUI navigate to System > Configuration > Security and under the section “Allowed SSL and TLS Version” select the first option “Accept only TLS”. This setting will ensure that SSLv3 is disabled on the server-side and any SSL connections from clients that attempt to use SSLv3 will be terminated. 

Are there any side effects to disabling SSLv3 using the above setting?
 

• We don’t expect any side effects as all Pulse Secure client components will be able to communicate to the gateway over TLS. Since most modern browsers and OS support TLS, end users should not see any impact from this setting change. However if you have any browser or other end user software that directly establishes connections to the Pulse Secure gateway devices AND is not capable of communicating over TLS then the communication will fail due to TLS handshake failures.

What about communications that originate from PCS/PPS to other servers? i.e. Cases where the PCS/PPS is acting like a https client?The settings described above only control the protocol version when the communication is between various clients and the PCS/PPS acting as the server. For https connections where the PCS/PPS is acting like a https client:
 

• In most cases Pulse Secure gateways communicates over TLS to other servers. For example when using the Web Access (Rewriter) the PCS will communicate with any backend server over TLS.
• The only features that require SSLv3 when communicating to a backend server are the EndPoint Security features 'Virus signature version monitoring' and 'Patch Management Info Monitoring’. Specifically the module that fetch the updates from download.pulsesecure.net use SSLv3. Software patches will be released to change the protocol to TLS. The software releases with this change will be 7.1r20.2, 7.4r13.2 and 8.0R7.1 for PCS and 4.1R8.2, 4.4r13.2 and 5.0R7.1 for PPS - ETA is 10/27/2014. However it should be noted that the Poodle attack does not apply to this scenario as these requests are sent by scripts embedded in the product and there is no browser or another avenue for the attacker to inject data which is required for an attacker to exploit this issue. If for some reason your corporate firewall does not allow SSLv3 communication at all you can disable these automatic updates and manually update the definition files until a software patch is released to change the communication protocol to TLS.

Client Side Mitigation:
The risk of attack from negotiating or being forced to downgrade to SSLv3 can be completely mitigated by disabling SSLv3 support in the browser.

 

 Modification History:
2014-10-15: Initial release
2014-10-15: Added CVSS score
2014-10-16: Suggested client-side mitigation