PT-2023-30401 · Thegreenbow · Thegreenbow Windows Enterprise Certified Vpn Client+2
Published
2023-12-19
·
Updated
2025-12-17
·
CVE-2023-47267
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TheGreenBow Windows Enterprise Certified VPN Client version 6.52
TheGreenBow Windows Standard VPN Client version 6.87
TheGreenBow Windows Enterprise VPN Client version 6.87
Description
An issue discovered in TheGreenBow VPN clients allows attackers to gain escalated privileges via crafted changes to memory mapped file.
Recommendations
For TheGreenBow Windows Enterprise Certified VPN Client version 6.52, consider applying configuration changes to restrict access to memory mapped files until a patch is available.
For TheGreenBow Windows Standard VPN Client version 6.87, restrict access to memory mapped files to minimize the risk of exploitation.
For TheGreenBow Windows Enterprise VPN Client version 6.87, consider disabling the functionality that allows changes to memory mapped files as a temporary workaround until a patch is available.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Thegreenbow Windows Enterprise Certified Vpn Client
Thegreenbow Windows Enterprise Vpn Client
Thegreenbow Windows Standard Vpn Client