Pulse Secure has evaluated the issues reported in CVE-2020-9498 and CVE-2020-9497.
Please refer to the below table to determine which products are affected.As the investigation continues, we recommend subscribing to this advisory as it will be periodically updated to reflect the current status.CVE-2020-94985.7 Medium CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Pulse Connect Secure | Not Vulnerable |
Pulse Policy Secure | Not Vulnerable |
Pulse One | Not Vulnerable |
CVE-2020-94973.5 Low CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Pulse Connect Secure | Vulnerable |
Pulse Policy Secure | Not Vulnerable |
Pulse One | Not Vulnerable |
NOTE: PCS version 8.1Rx and below versions are not applicable to this vulnerability.
Exploitation:
Pulse Secure PSIRT is not aware of any malicious exploitation for this vulnerability.
Document History:
July 7, 2020 - Initial advisory posted.
LEGAL DISCLAIMER
- THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK. PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.
- A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS. THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.