PT-2015-6875 · Pulse · Pulse Connect Secure+1

Published: 2015-08-11 · Updated: 2015-08-11 · CVE-2015-5369

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Pulse Connect Secure versions 7.1 through 7.1r22.2
Pulse Connect Secure versions 7.4 through 7.4r13.5
Pulse Connect Secure versions 8.0 through 8.0r13
Pulse Connect Secure versions 8.1 through 8.1r5
PPS versions 5.0 through 5.0R13
PPS versions 5.1 through 5.1R5

Description

When Hardware Acceleration is enabled, the affected software does not properly validate the TLS handshake Finished message. This makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.

Recommendations

For Pulse Connect Secure versions 7.1 through 7.1r22.2, update to version 7.1r22.2 or later.
For Pulse Connect Secure versions 7.4 through 7.4r13.5, update to version 7.4r13.5 or later.
For Pulse Connect Secure versions 8.0 through 8.0r13, update to version 8.0r13 or later.
For Pulse Connect Secure versions 8.1 through 8.1r5, update to version 8.1r5 or later.
For PPS versions 5.0 through 5.0R13, update to version 5.0R13 or later.
For PPS versions 5.1 through 5.1R5, update to version 5.1R5 or later.

Fix

RCE

Weakness Enumeration

Related identifiers

CVE-2015-5369

Affected products

Pps
Pulse Connect Secure