CVE-2018-20810
CRITICALPulse Secure Pulse Connect Secure <8.3R2 & Pulse Policy Secure <5.4R2 - Weak Cluster Sync Encryption
Title source: llmDescription
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/
Scores
CVSS v3
9.8
EPSS
0.0154
EPSS Percentile
81.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-326
Status
published
Products (2)
ivanti/connect_secure
8.3 r1
pulsesecure/pulse_policy_secure
5.4 r1
Published
Jun 28, 2019
Tracked Since
Feb 18, 2026