{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-45750", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-26T19:02:46.569Z", "dateReserved": "2024-09-06T00:00:00", "datePublished": "2024-09-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-09-25T17:44:35.717372"}, "descriptions": [{"lang": "en", "value": "An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://thegreenbow.com"}, {"url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "CWE-287 Improper Authentication"}]}], "affected": [{"vendor": "thegreenbow", "product": "android_vpn", "cpes": ["cpe:2.3:a:thegreenbow:android_vpn:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.4.5", "versionType": "custom"}]}, {"vendor": "thegreenbow", "product": "vpn_client_linux", "cpes": ["cpe:2.3:a:thegreenbow:vpn_client_linux:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.4", "versionType": "custom"}]}, {"vendor": "thegreenbow", "product": "windows_standard_vpn", "cpes": ["cpe:2.3:a:thegreenbow:windows_standard_vpn:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.87.108", "versionType": "custom"}]}, {"vendor": "thegreenbow", "product": "windows_enterprise_vpn", "cpes": ["cpe:2.3:a:thegreenbow:windows_enterprise_vpn:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7.5.007", "versionType": "custom"}]}, {"vendor": "thegreenbow", "product": "vpn_client_macos", "cpes": ["cpe:2.3:a:thegreenbow:vpn_client_macos:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.4.10", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T18:48:36.428721Z", "id": "CVE-2024-45750", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:02:46.569Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45750", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T18:48:36.428721Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:thegreenbow:android_vpn:*:*:*:*:*:*:*:*"], "vendor": "thegreenbow", "product": "android_vpn", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.4.5"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:thegreenbow:vpn_client_linux:*:*:*:*:*:*:*:*"], "vendor": "thegreenbow", "product": "vpn_client_linux", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:thegreenbow:windows_standard_vpn:*:*:*:*:*:*:*:*"], "vendor": "thegreenbow", "product": "windows_standard_vpn", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.87.108"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:thegreenbow:windows_enterprise_vpn:*:*:*:*:*:*:*:*"], "vendor": "thegreenbow", "product": "windows_enterprise_vpn", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.5.007"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:thegreenbow:vpn_client_macos:*:*:*:*:*:*:*:*"], "vendor": "thegreenbow", "product": "vpn_client_macos", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.10"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T18:49:32.215Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://thegreenbow.com"}, {"url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024"}], "descriptions": [{"lang": "en", "value": "An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-09-25T17:44:35.717372"}}}, "cveMetadata": {"cveId": "CVE-2024-45750", "state": "PUBLISHED", "dateUpdated": "2024-09-26T19:02:46.569Z", "dateReserved": "2024-09-06T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-09-25T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel."}, {"lang": "es", "value": "Un problema en TheGreenBow Windows Standard VPN Client 6.87.108 (y anteriores), Windows Enterprise VPN Client 6.87.109 (y anteriores), Windows Enterprise VPN Client 7.5.007 (y anteriores), Android VPN Client 6.4.5 (y anteriores), VPN Client Linux 3.4 (y anteriores), VPN Client MacOS 2.4.10 (y anteriores) permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la fase de autenticaci\u00f3n IKEv2, acepta firmas ECDSA malformadas y establece el t\u00fanel."}], "id": "CVE-2024-45750", "lastModified": "2024-09-26T19:35:17.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-25T18:15:05.043", "references": [{"source": "cve@mitre.org", "url": "https://thegreenbow.com"}, {"source": "cve@mitre.org", "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}