SA44899 - CVE-2021-22965: A vulnerability in Pulse Connect Secure before 9.1R12.1

Product Affected
Pulse Connect Secure
Problem
Prior to the 9.1R12.1 System Software, a vulnerability exists in the Pulse Secure server where malformed packets can be used for Denial of Service.
The impact and temporary mitigation are referenced in KB44879.

 
CVE: CVE-2021-22965
Score (CVSS:3.0): 5.9
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Description: A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated user to cause a denial of service when a malformed request is sent to the device.
Affected Versions: 9.1R12 and Below
Solution
This issue is fixed in PCS 9.1R12.1 or PCS 9.1R13, which can be downloaded from https://my.pulsesecure.net.
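
An added example, not part of the original advisory and not Pulse Secure code: a triage helper that flags appliances running a release before 9.1R12.1 and marks unparseable version strings for manual review. The version string format (major.minorRrelease[.patch]), the function names and the inventory entries are assumptions; the inventory is constructed sample data.

```python
import re

# Assumed version format: <major>.<minor>R<release>[.<patch>], e.g. "9.1R12.1".
VERSION_RE = re.compile(r"(\d+)\.(\d+)R(\d+)(?:\.(\d+))?", re.IGNORECASE)
FIXED = (9, 1, 12, 1)  # first fixed release named in the advisory: 9.1R12.1


def parse_version(text):
    """Return (major, minor, release, patch), or None if no version is found."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def triage(version_text):
    """Classify one appliance as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # unparseable: check manually, never assume fixed
    return "affected" if parsed < FIXED else "fixed"


def triage_inventory(inventory):
    """Map hostname -> status for a {hostname: version string} inventory."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames, versions and build number are illustrative).
SAMPLE_INVENTORY = {
    "vpn-a.example.test": "9.1R12",
    "vpn-b.example.test": "9.1R12.1",
    "vpn-c.example.test": "9.1R13",
    "vpn-d.example.test": "9.1R11.5 (build 13127)",
    "vpn-e.example.test": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```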



LEGAL DISCLAIMER

⦁ THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK. PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.

⦁ A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS. THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.