Reset Search
 

 

Article

TSB44847 - Pulse Connect Secure 9.1R11.4 and 9.1R11.5 adoption update

« Go Back

Information

 
Last Modified Date7/14/2021 6:06 PM
Legacy Id
Product Affected
Alert Description
On 3 May 2021, Pulse Secure released Pulse Connect Secure (PCS) server software version 9.1R11.4 to address multiple security vulnerabilities first shared on 20 April 2021 in Security Advisory SA44784.  

Subsequently, on 11 June 2021, Pulse Secure released Pulse Connect Secure (PCS) server software version 9.1R11.5 to address security vulnerability SA44800 and to restore Pulse Collaboration / File share browser functionality, replacing the need to apply the 2015Workaround XML.

We have worked closely with all affected customers to quickly and efficiently mitigate the risk in their environments and we continue to work with third-party security experts, law enforcement and government agencies to further protect customers and collaborate with the broader security industry.

The threat actor(s) involved is highly sophisticated and went to great lengths to avoid detection. Even so, only a small number of customers were exploited via the new vulnerability, and we have seen only one of the vulnerabilities exploited in the wild. The Integrity Checker Tool (ICT) has been successful at identifying compromised devices.

The ICT and versions 9.1R11.4 and 9.1R11.5, and other mitigations outlined in SA44784 and SA44800 are proving effective for customers thus far.  Adoption trends for R11.4 and R11.5 are high with several thousand downloads.     

For a clear understanding of possible upgrade paths and our latest pre-upgrade checklists please see our knowledge base article:  KB44834 - PCS Software Recommended Upgrade Path for PSA Hardware and Virtual Appliances


If you have not upgraded to 9.1R11.4 and applied the Workaround-2105.xml already, or applied 9.1R11.5, we strongly encourage you to do so. Note that you should run the Integrity Checker Tool (KB44755) PRIOR to upgrading your PCS appliance to ensure your appliance has not been impacted. Full technical details and downloads can be found in SA44784.

In 9.1R11.5 we have also added a Pulse client components clean up and Seamless Upgrade Helper tool for Browsers (Agentless) to remediate the known Cert issue that impacted us in March.  This will help automate any remaining remediation efforts for browser impacted clients.    


Please contact us with any questions via +1-844-751-7629 or engage your support representative
https://support.pulsesecure.net/support/support-contacts/.

 
Solution
Implementation
Alert TypePSN - Product Support Notification
Related Links
Attachment 1 
Attachment 2 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255