7.3
CVE-2024-45750
- EPSS 0.49%
- Veröffentlicht 25.09.2024 18:15:05
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerthegreenbow
≫
Produkt
android_vpn
Default Statusunknown
Version <=
6.4.5
Version
0
Status
affected
Herstellerthegreenbow
≫
Produkt
vpn_client_linux
Default Statusunknown
Version <=
3.4
Version
0
Status
affected
Herstellerthegreenbow
≫
Produkt
windows_standard_vpn
Default Statusunknown
Version <=
6.87.108
Version
0
Status
affected
Herstellerthegreenbow
≫
Produkt
windows_enterprise_vpn
Default Statusunknown
Version <=
7.5.007
Version
0
Status
affected
Herstellerthegreenbow
≫
Produkt
vpn_client_macos
Default Statusunknown
Version <=
2.4.10
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.378 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://thegreenbow.com
https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024