PT-2015-6875 · Pulse · Pulse Connect Secure+1

Published: 2015-08-11 · Updated: 2015-08-11 · CVE-2015-5369

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Pulse Connect Secure versions 7.1 through 7.1r22.2
Pulse Connect Secure versions 7.4 through 7.4r13.5
Pulse Connect Secure versions 8.0 through 8.0r13
Pulse Connect Secure versions 8.1 through 8.1r5
PPS versions 5.0 through 5.0R13
PPS versions 5.1 through 5.1R5

Description

When Hardware Acceleration is enabled, the affected software does not properly validate the Finished TLS handshake message. This makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.

Recommendations

For Pulse Connect Secure versions 7.1 through 7.1r22.2, update to version 7.1r22.2 or later.
For Pulse Connect Secure versions 7.4 through 7.4r13.5, update to version 7.4r13.5 or later.
For Pulse Connect Secure versions 8.0 through 8.0r13, update to version 8.0r13 or later.
For Pulse Connect Secure versions 8.1 through 8.1r5, update to version 8.1r5 or later.
For PPS versions 5.0 through 5.0R13, update to version 5.0R13 or later.
For PPS versions 5.1 through 5.1R5, update to version 5.1R5 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2015-5369

Affected Products

Pps
Pulse Connect Secure