All products are not vulnerable to the following:
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
Multiblock corrupted pointer (CVE-2015-0290)
Segmentation fault in DTLSv1_listen (CVE-2015-0207)
Segmentation fault for invalid PSS parameters (CVE-2015-0208)
Empty CKE with client auth and DHE (CVE-2015-1787)
Handshake with unseeded PRNG (CVE-2015-0285)
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Pulse Connect Secure/SA/MAG
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Vulnerable in 8.1 only.
8.1r3.1 resolves this issue. Released on May 14, 2015.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
7.1r22.1 resolves this issue. Released on July 13, 2015.
7.4R13.4 resolves this issue. Released on July 23, 2015.
8.0r11 resolves this issue. Released on June 1, 2015.
8.1r3.1 resolves this issue. Released on May 14, 2015.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
8.0r11 resolves this issue. Released on June 1, 2015.
8.1r3.1 resolves this issue. Released on May 14, 2015.
Base64 decode (CVE-2015-0292)
7.1r22.1 resolves this issue. Released on July 13, 2015.
7.4R13.4 resolves this issue. Released on July 23, 2015.
8.0r11 resolves this issue. Released on June 1, 2015.
8.1r3.1 resolves this issue. Released on May 14, 2015.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
7.1r22.1 resolves this issue. Released on July 13, 2015.
7.4R13.4 resolves this issue. Released on July 23, 2015.
8.0r11 resolves this issue. Released on June 1, 2015.
8.1r3.1 resolves this issue. Released on May 14, 2015.
Pulse Policy Secure/IC
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Vulnerable in 5.1 only.
5.1r3.1 resolves this issue. Released on June 1, 2015.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
5.0r11 resolves this issue. Released on June 1, 2015.
5.1r3.1 resolves this issue. Released on May 27. 2015
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
5.0r11 resolves this issue. Released on June 1, 2015.
5.1r3.1 resolves this issue. Released on May 27. 2015
Base64 decode (CVE-2015-0292)
5.0r11 resolves this issue. Released on June 1, 2015.
5.1r3.1 resolves this issue. Released on May 27. 2015
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
5.0r11 resolves this issue. Released on June 1, 2015.
5.1r3.1 resolves this issue. Released on May 27. 2015
Pulse Desktop (Windows)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
5.1R3.1 resolves this issue. Released on May 21, 2015.
5.0R11 resolves this issue. Released on June 1, 2015.
Pulse Desktop (Mac OSX)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
Pulse 5.1R3.1 resolves this issue. Released on May 21, 2015.
Pulse 5.0R11 resolves this issue. Released on June 1, 2015.
Pulse Mobile (Android)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
5.1R3 resolves this issue. Released May 21, 2015.
Base64 decode (CVE-2015-0292)
Pre-Android 5.0 devices are vulnerable.
5.1R3 resolves this issue. Released on May 21, 2015.
Pulse Mobile (iOS non-FIPS, normal mode)
We use Apple iOS provided SSL functions. If vulnerable the update
would come from Apple as an iOS update.
Pulse Mobile (iOS FIPS mode enabled)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
Pulse 5.1R3 resolves this issue.
Odyssey (Windows)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
5.1R3 resolves this issue.
5.0R11 resolves this issue.
Base64 decode (CVE-2015-0292)
5.1R3 resolves this issue.
5.0R11 resolves this issue.
Network Connect (Mac)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
Vulnerable. Fix ETA in progress.
8.1R5 resolves this issue. Released on September 3, 2015.
8.0R13 resolves this issue. ETA is end of September
7.1 & 7.4 are pending ETA.
Base64 decode (CVE-2015-0292)
8.1R5 resolves this issue.
8.0R13 resolves this issue. ETA is end of September
7.1 & 7.4 are pending ETA.
Network Connect (Linux)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
7.1r22.1 resolves this issue. Released on July 13, 2015.
7.4R13.4 resolves this issue. Released on July 23, 2015.
8.0r11 resolves this issue. Released on June 1, 2015.
8.1r3.1 resolves this issue. Released on May 14, 2015.
Base64 decode (CVE-2015-0292)
7.1r22.1 resolves this issue. Released on July 13, 2015.
7.4R13.4 resolves this issue. Released on July 23, 2015.
8.0r11 resolves this issue. Released on June 1, 2015.
8.1r3.1 resolves this issue. Released on May 14, 2015.
Network Connect (Windows)
Not Vulnerable
Network Connect (Windows FIPS)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
7.1r22.1 resolves this issue. Released on July 13, 2015.
7.4R13.4 resolves this issue. Released on July 23, 2015.
8.0r11 resolves this issue. Released on June 1, 2015.
8.1r3.1 resolves this issue. Released on May 14, 2015.
SBR Enterprise
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Under investigation
ASN.1 structure reuse memory corruption (CVE-2015-0287)
Under investigation
Base64 decode (CVE-2015-0292)
Under investigation
Pulse Workspace
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
Resolved in 1.1515.0.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
Resolved in 1.1515.0.
Base64 decode (CVE-2015-0292)
Resolved in 1.1515.0.
Pulse Workspace Connector
Not vulnerable
Document history:
March 18th, 2015 01:00 PM PT — Initial publication
March 19th, 2015 11:11 AM PT — Added CVE numbers and advisory link.
March 19th, 2015 06:00 PM PT — Added product specific information
March 20th, 2015 05:20 PM PT — Updated solution section with latest information.
March 24rd, 2015 10:00 AM PT — Updated solution section with latest information.
April 22nd, 2015 11:00AM PT — Added tentative ETA information.
June 25th, 2015 18:00 PM PT — Updated fixed versions.
July 2nd, 2015 18:00 PM PT — Added PPS versions.
July 17th, 2015 1:00 AM PT - Added tentative ETA information |