What is CVE-2018-20810?

CVE-2018-20810 is a critical-severity vulnerability in Ivanti Connect_secure, classified under Inadequate Encryption Strength. CVSS score: 9.8/10. Published 2019-06-28.

How severe is CVE-2018-20810?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Ivanti Connect_secure

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX…

EPSS: 0.018 (75.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ivanti Connect_secure — versions 8.3
Pulsesecure Pulse_policy_secure — versions 5.4
N/a — versions n/a

Weakness classification (CWE)

CWE-326 — Inadequate Encryption Strength

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2018-20810?: CVE-2018-20810 is a critical-severity vulnerability in Ivanti Connect_secure, classified under Inadequate Encryption Strength. CVSS score: 9.8/10. Published 2019-06-28.
How severe is CVE-2018-20810?: Critical severity. CVSS v3 base score is 9.8 out of 10.