Vulnerability Details CVE-2018-20812
An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-20812
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:4.0
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.1r
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:5.3
-
cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.0