CVE-2018-20810
published 2019-06-28CVE-2018-20810: Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and…
PriorityP345critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
1.77%
75.3th percentile
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g8vh-4gxx-phq3: Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8
ghsa_unreviewed·2022-05-24
CVE-2018-20810 [CRITICAL] CWE-326 GHSA-g8vh-4gxx-phq3: Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
Ivanti
Ivanti Security Advisory: CVE-2018-20810
vendor_ivanti·2019-06-28·CVSS 9.8
CVE-2018-20810 [CRITICAL] CWE-326 Ivanti Security Advisory: CVE-2018-20810
Ivanti Security Advisory: CVE-2018-20810
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
CVE IDs: CVE-2018-20810
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-326
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-06-28
Published