Reset Search
 

 
Article

SA40425 - February 16, 2017 OpenSSL Security Advisory

Printable View
« Go Back

Information

 
Product Affected
Problem
On February 16, 2017 the OpenSSL project announced a group of new security advisories. These issues affect all supported versions of Pulse Secure products. For a list of supported software versions, please refer to our EOL policy.

The OpenSSL advisory can be found at the following link: https://www.openssl.org/news/changelog.html.
Solution
Pulse Secure is currently evaluating the following issues reported by OpenSSL:


Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
 

Pulse Connect SecureNot affected
Pulse Policy SecureNot affected
Pulse Desktop client (Windows & MAC OS X)Not affected
Pulse Mobile (Android)Not affected
Pulse Mobile (iOS) / (FIPS)Not affected
Network Connect / Pulse (Linux)Not affected
Network Connect (Windows & Mac OS X)Not affected
Network Connect FIPS (Windows)Not affected
SBR EnterpriseUnder Investigation
Odyssey Client (Windows)Under Investigation


Document History:
February 23, 2017 - Updated status for Pulse Mobile and Network Connect clients
February 25, 2017 - Updated status for Pulse Connect Secure and Pulse Policy Secure
February 28, 2017 - Updated status for Pulse Secure Desktop client
Workaround
Implementation
Related Links
CVSS Score
Risk Assessment
Acknowledgements
Alert Type 
Risk Level 
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255