PT-2024-31747 · TheGreenBow · TheGreenBow Windows Enterprise VPN Client

Published: 2024-09-25 · Updated: 2024-09-26 · CVE-2024-45750

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions:
TheGreenBow Windows Standard VPN Client versions 6.87.108 and older
TheGreenBow Windows Enterprise VPN Client versions 6.87.109 and older
TheGreenBow Windows Enterprise VPN Client versions 7.5.007 and older
TheGreenBow Android VPN Client versions 6.4.5 and older
TheGreenBow VPN Client Linux versions 3.4 and older
TheGreenBow VPN Client MacOS versions 2.4.10 and older

Description: An issue in TheGreenBow VPN Clients allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase. The client accepts malformed ECDSA signatures and establishes the tunnel. This issue exists across multiple platforms.

Recommendations:
For TheGreenBow Windows Standard VPN Client versions 6.87.108 and older, update to a newer version to mitigate the risk.
For TheGreenBow Windows Enterprise VPN Client versions 6.87.109 and older, update to a newer version to mitigate the risk.
For TheGreenBow Windows Enterprise VPN Client versions 7.5.007 and older, update to a newer version to mitigate the risk.
For TheGreenBow Android VPN Client versions 6.4.5 and older, update to a newer version to mitigate the risk.
For TheGreenBow VPN Client Linux versions 3.4 and older, update to a newer version to mitigate the risk.
For TheGreenBow VPN Client MacOS versions 2.4.10 and older, update to a newer version to mitigate the risk.
As a temporary workaround, consider disabling the IKEv2 Authentication phase until a patch is available.

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2024-45750

Affected Products

TheGreenBow Android VPN Client
TheGreenBow VPN Client Linux
TheGreenBow VPN Client MacOS
TheGreenBow Windows Enterprise VPN Client
TheGreenBow Windows Standard VPN Client