Pulse Secure Update
3504Warning Date
Severity Level
Warning Number
Target Sector
17 September, 2019
● High
2019-437
All
Description:
Pulse Secure has released security update to address multiple vulnerabilities in the following versions of Pulse Policy Secure:
- Pulse Policy Secure 5.3R1 - 5.3R12
- Pulse Policy Secure 5.4R1 - 5.4R7
- Pulse Policy Secure 9.0R1 - 9.0R3.3
- Pulse Policy Secure 5.1R1 - 5.1R15
- Pulse Policy Secure 5.2R1 - 5.2R12
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Conduct a session hijacking attack.
- Cross-site scripting attack (XSS).
- Inject and execute command injection.
- Execute arbitrary code.
Best practice and Recommendations:
The CERT team encourages users to update the affected versions and to review Pulse Secure advisory: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/