Description
Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16756
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033166
Various Sources x_refsource_confirm
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004
Scores
EPSS
0.0038
EPSS Percentile
59.4%
Details
CWE
CWE-17
CWE-20
Status
published
Products (5)
juniper/pulse_connect_secure
5.1
juniper/pulse_connect_secure
7.1
juniper/pulse_connect_secure
7.4
juniper/pulse_connect_secure
8.0
juniper/pulse_connect_secure
8.1
Published
Aug 11, 2015
Tracked Since
Feb 18, 2026