CVE-2018-20812

HIGH

Pulse Secure Desktop < 9.0R1 - Unauthorized IPv6 DNS Traffic Exposure via VPN Tunnel Bypass

Title source: llm
STIX 2.1

Description

An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0111
EPSS Percentile 61.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (5)
pulsesecure/pulse_secure_desktop_client 4.0 r1.0 (16 CPE variants)
pulsesecure/pulse_secure_desktop_client 5.1 r1.0 (18 CPE variants)
pulsesecure/pulse_secure_desktop_client 5.1r 3.2 (2 CPE variants)
pulsesecure/pulse_secure_desktop_client 5.3 r1 (11 CPE variants)
pulsesecure/pulse_secure_desktop_client 9.0 r1 (3 CPE variants)
Published Jun 28, 2019
Tracked Since Feb 18, 2026