Pulse Secure is currently evaluating the following issues reported by OpenSSL:
As the investigation continues, we recommend subscribing to this advisory as it will be periodically updated to reflect the current status.EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)4.3 Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|Pulse Connect Secure||Resolved in 9.1R12 (Tentative for Q3, 2021)|
|Pulse Policy Secure||Resolved in 9.1R12 (Tentative for Q3, 2021)|
|Pulse One||Resolved in Pulse One 2.0.2004|
|Pulse Secure vADC||Not Vulnerable|
We will update the KB as and when we have new updates.
- THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK. PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.
- A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS. THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.
January 18, 2021 - Initial advisory posted.
March 31, 2021 - Added fixed release for Pulse One
May 11, 2021 - Added fixed release for PCS/PPS