CVE-2024-45750

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Sep 25, 2024

Updated: Sep 26, 2024

CWE ID 287

Summary

CVE-2024-45750 is a newly disclosed vulnerability affecting various VPN clients developed by TheGreenBow. The issue lies in their IKEv2 Authentication phase, where these clients accept malformed ECDSA signatures. Consequently, a remote attacker can exploit this vulnerability to execute arbitrary code, posing a significant risk to users of TheGreenBow Windows Standard VPN Client 6.87.108 and older, Windows Enterprise VPN Client 6.87.109 and older, Windows Enterprise VPN Client 7.5.007 and older, Android VPN Client 6.4.5 and older, VPN Client Linux 3.4 and older, and VPN Client MacOS 2.4.10 and older. Users are strongly advised to update their VPN clients as soon as possible to mitigate the risk of this critical vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-45750

CVSS 3.1 Score 7.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations