Reset Search
 

 

Article

SA44846 - OpenSSL Security Advisory CVE-2021-23841

« Go Back

Information

 
Product Affected
Problem
On February 16 2021, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure product.

Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities per our End of Engineering (EOE) and End of Life (EOL) policies.

The OpenSSL advisory can be found at the following link: https://www.openssl.org/news/secadv/20210216.txt
Solution
Pulse Secure is currently evaluating the following issues reported by OpenSSL:
As the investigation continues, we recommend subscribing to this advisory as it will be periodically updated to reflect the current status.


 
CVE-2021-23839 (Incorrect SSLv2 rollback protection)
 
Pulse Connect SecureNot Vulnerable
Pulse Policy SecureNot Vulnerable
Pulse OneNot Vulnerable

CVE-2021-23841 (Null pointer deref in X509_issuer_and_serial_hash())
 
Pulse Connect SecureNot Vulnerable
Pulse Policy SecureNot Vulnerable
Pulse OneNot Vulnerable

CVE-2021-23840 (Integer overflow in CipherUpdate)
5.3 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
 
Pulse Connect SecureResolved in 9.1R12 (Tentative for Q3 2021)
Pulse Policy SecureResolved in 9.1R12 (Tentative for Q3 2021)
Pulse OneResolved in Pulse One 2.2004

LEGAL DISCLAIMER

                                  ⦁    THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK.  PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.

                                  ⦁    A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS.  THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.
 
Workaround
Implementation
Related Links
CVSS Score5.3 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Risk Assessment
Acknowledgements
Alert Type 
Risk Level 
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255