Fixed Versions
Pulse Desktop Client or Pulse Connect Secure (for Network Connect customers) are available via the
Pulse Secure Download Center. For software download instructions, please refer to
KB40028.
Pulse Desktop Client
- Pulse Secure Desktop 9.0R3 and above
- Pulse Secure Desktop 5.3R7 and above
For customers who utilize Pulse Desktop Client only, no upgrade is needed on the server-side. The fix only requires an upgrade of the client-side (Pulse Desktop Client) software. Pulse Desktop Client is forward and backward compatible with all supported versions of Pulse Connect Secure (PCS) software.
Network Connect
Since Network Connect is part of the Pulse Connect Secure (PCS) server package, this will require a server-side upgrade.
- Pulse Connect Secure 9.0R3 and above
- Pulse Connect Secure 8.3R7 and above
- Pulse Connect Secure 8.1R14 and above
For customers who are not utilizing Network Connect, a server-side upgrade is not required.
Exploitation:
Pulse Secure PSIRT is not aware of any malicious exploitation for this vulnerability.
Document History:April 11, 2019 - Initial advisory posted
April 12, 2019 - CVE-2019-11213 was assigned
LEGAL DISCLAIMER
- THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK. PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.
- A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS. THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.
