What is CVE-2018-20812?

CVE-2018-20812 is a high-severity vulnerability in Pulsesecure Pulse_secure_desktop_client, classified under Information Disclosure. CVSS score: 7.5/10. Published 2019-06-28.

How severe is CVE-2018-20812?

High severity. CVSS v3 base score is 7.5 out of 10.

Information disclosure in Pulsesecure Pulse_secure_desktop_client

CVE-2018-20812

An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IP…

Vulnerability class: Information Disclosure

EPSS: 0.011 (61.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Pulsesecure Pulse_secure_desktop_client — versions 4.0, 5.1, 5.1r
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2018-20812?: CVE-2018-20812 is a high-severity vulnerability in Pulsesecure Pulse_secure_desktop_client, classified under Information Disclosure. CVSS score: 7.5/10. Published 2019-06-28.
How severe is CVE-2018-20812?: High severity. CVSS v3 base score is 7.5 out of 10.