CVE-2018-20812
HIGHPulse Secure Desktop < 9.0R1 - Unauthorized IPv6 DNS Traffic Exposure via VPN Tunnel Bypass
Title source: llmDescription
An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/
Scores
CVSS v3
7.5
EPSS
0.0111
EPSS Percentile
61.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (5)
pulsesecure/pulse_secure_desktop_client
4.0 r1.0 (16 CPE variants)
pulsesecure/pulse_secure_desktop_client
5.1 r1.0 (18 CPE variants)
pulsesecure/pulse_secure_desktop_client
5.1r 3.2 (2 CPE variants)
pulsesecure/pulse_secure_desktop_client
5.3 r1 (11 CPE variants)
pulsesecure/pulse_secure_desktop_client
9.0 r1 (3 CPE variants)
Published
Jun 28, 2019
Tracked Since
Feb 18, 2026