7.3
CVE-2024-45750
- EPSS 7.27%
- Veröffentlicht 25.09.2024 18:15:05
- Zuletzt bearbeitet 26.09.2024 19:35:17
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerthegreenbow
≫
Produkt
android_vpn
Default Statusunknown
Version <=
6.4.5
Version
0
Status
affected
Herstellerthegreenbow
≫
Produkt
vpn_client_linux
Default Statusunknown
Version <=
3.4
Version
0
Status
affected
Herstellerthegreenbow
≫
Produkt
windows_standard_vpn
Default Statusunknown
Version <=
6.87.108
Version
0
Status
affected
Herstellerthegreenbow
≫
Produkt
windows_enterprise_vpn
Default Statusunknown
Version <=
7.5.007
Version
0
Status
affected
Herstellerthegreenbow
≫
Produkt
vpn_client_macos
Default Statusunknown
Version <=
2.4.10
Version
0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.27% | 0.914 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.