CVE-2018-20810

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure (PCS) versions 8.3RX through 8.3R1 Pulse Policy Secure (PPS) versions 5.4RX through 5.4R1

Description: The issue concerns the lack of proper encryption for session data between cluster nodes during cluster synchronization.

Recommendations: For Pulse Connect Secure (PCS) versions 8.3RX through 8.3R1, update to version 8.3R2 or later. For Pulse Policy Secure (PPS) versions 5.4RX through 5.4R1, update to version 5.4R2 or later.

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

CVE-2018-20810

Affected Products

Pulse Connect Secure

Pulse Policy Secure

CVE-2018-20810

Weakness Enumeration

Related Identifiers

Affected Products

References · 3