CVE-2024-45750

An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://thegreenbow.com
https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024

Configurations

No configuration.

History

26 Sep 2024, 19:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3
CWE		CWE-287

26 Sep 2024, 13:32

Type	Values Removed	Values Added
Summary		(es) Un problema en TheGreenBow Windows Standard VPN Client 6.87.108 (y anteriores), Windows Enterprise VPN Client 6.87.109 (y anteriores), Windows Enterprise VPN Client 7.5.007 (y anteriores), Android VPN Client 6.4.5 (y anteriores), VPN Client Linux 3.4 (y anteriores), VPN Client MacOS 2.4.10 (y anteriores) permite a un atacante remoto ejecutar código arbitrario a través de la fase de autenticación IKEv2, acepta firmas ECDSA malformadas y establece el túnel.

25 Sep 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-25 18:15

Updated : 2024-09-26 19:35

NVD link : CVE-2024-45750

Mitre link : CVE-2024-45750

CVE.ORG link : CVE-2024-45750

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

{"id": "CVE-2024-45750", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2024-09-25T18:15:05.043", "references": [{"url": "https://thegreenbow.com", "source": "cve@mitre.org"}, {"url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel."}, {"lang": "es", "value": "Un problema en TheGreenBow Windows Standard VPN Client 6.87.108 (y anteriores), Windows Enterprise VPN Client 6.87.109 (y anteriores), Windows Enterprise VPN Client 7.5.007 (y anteriores), Android VPN Client 6.4.5 (y anteriores), VPN Client Linux 3.4 (y anteriores), VPN Client MacOS 2.4.10 (y anteriores) permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la fase de autenticaci\u00f3n IKEv2, acepta firmas ECDSA malformadas y establece el t\u00fanel."}], "lastModified": "2024-09-26T19:35:17.850", "sourceIdentifier": "cve@mitre.org"}

7.3 /10