SA40004 - [Pulse Secure] TLS connection verification issue (CVE-2015-5369)

Information

 
Product Affected: PSC6000, PCS6500, MAG PSC360
Problem
On Pulse Connect Secure (PCS) devices that offer Hardware Acceleration (PSC6000, PCS6500, MAG PSC360) and have it enabled, TLS connections may be vulnerable to a protocol handshake vulnerability. This issue could potentially allow an attacker to gain man-in-the-middle (MITM) access between a client and the Pulse Secure server, but only if they utilize a second, separate exploit.

Pulse Secure is not aware of any malicious exploitation of this issue in the wild.

This issue is also known as CVE-2015-5369.
Solution
A software fix is being developed to resolve this issue and allow customers to continue using the Hardware Acceleration feature. If you do not use the Hardware Acceleration feature, your device is not vulnerable to this issue and you do not need to apply the software fix.

To resolve these issues, please upgrade to the following releases:
  • PCS 8.1r5 / PPS 5.1R5 
  • PCS 8.0r13 / PPS 5.0R13
  • PCS 7.4R13.5
  • PCS 7.1r22.2
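
A fleet triage check built from the fixed releases listed above, as an added example that is not Pulse Secure's own code. It assumes versions are reported in the advisory's `8.1r5` / `7.4R13.5` notation and compare numerically within a branch; the inventory, hostnames and function names are constructed for illustration.

```python
import re

# Fixed releases exactly as listed in this advisory, keyed by (product, branch).
FIXED = {
    ("PCS", "8.1"): "8.1r5",
    ("PPS", "5.1"): "5.1R5",
    ("PCS", "8.0"): "8.0r13",
    ("PPS", "5.0"): "5.0R13",
    ("PCS", "7.4"): "7.4R13.5",
    ("PCS", "7.1"): "7.1r22.2",
}

# Major.minor, then 'r' or 'R', then release and an optional patch level.
_VERSION = re.compile(r"^(\d+)\.(\d+)[rR](\d+)(?:\.(\d+))?$")


def parse(version):
    """Split '7.4R13.5' into branch '7.4' and the tuple (13, 5)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, release, patch = m.groups()
    return f"{major}.{minor}", (int(release), int(patch or 0))


def triage(product, version, hw_accel_enabled):
    """Return 'not-affected', 'fixed', 'upgrade' or 'unknown-branch'."""
    if not hw_accel_enabled:
        return "not-affected"  # only devices using the feature are vulnerable
    branch, release = parse(version)
    fixed = FIXED.get((product.upper(), branch))
    if fixed is None:
        return "unknown-branch"  # the advisory lists no fix for this branch
    return "fixed" if release >= parse(fixed)[1] else "upgrade"


# Constructed inventory: (hostname, product, version, SSL acceleration enabled)
INVENTORY = [
    ("vpn-a", "PCS", "8.1R4", True),
    ("vpn-b", "PCS", "7.4R13", True),
    ("vpn-c", "PCS", "7.4R13.5", True),
    ("vpn-d", "PCS", "8.0R9", False),
    ("vpn-e", "PCS", "7.3R2", True),
]


def report(inventory=INVENTORY):
    return {host: triage(p, v, accel) for host, p, v, accel in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown-branch` run a branch for which this advisory names no fixed release and need manual review.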

FAQ:
  1. How can I tell if my PCS device has the Hardware Acceleration option and if it is enabled?
If the SSL hardware accelerator card is installed, only then will the following option be visible in the admin GUI: Maintenance > System > Options > Enable SSL acceleration. The feature is enabled when this check box is selected. Note: The system will reboot when this setting is modified.

  2. Are there any side effects to disabling Hardware Acceleration?
Certain traffic profiles may see a performance impact from disabling Hardware Acceleration, as described in KB12912 - [System Management] Performance impact on PCS device after disabling SSL hardware accelerator card. The impact will mostly be in the form of higher CPU utilization.
 
In a clustered environment, system refers to all the cluster members, so changing the hardware acceleration option on one cluster member causes all the cluster members to reboot simultaneously.
Workaround
The workaround is to disable the Hardware Acceleration feature.
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Acknowledgements
Pulse Secure would like to thank Yngve N. Pettersen of TLS Prober Labs for responsibly disclosing this issue.
Alert Type: PSN - Product Support Notification
Risk Level: Medium
Legacy ID: TSB16756
