CVE-2024-45750

EUVD-2024-41580
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
thegreenbowandroid_vpn
𝑥
≤ 6.4.5
ADP
thegreenbowvpn_client_linux
𝑥
≤ 3.4
ADP
thegreenbowwindows_standard_vpn
𝑥
≤ 6.87.108
ADP
thegreenbowwindows_enterprise_vpn
𝑥
≤ 7.5.007
ADP
thegreenbowvpn_client_macos
𝑥
≤ 2.4.10
ADP
Common Weakness Enumeration
References
https://thegreenbow.com
https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024