CVE-2024-45750

7.3 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected TheGreenBow VPN clients by sending malformed ECDSA signatures during IKEv2 authentication. Attackers can exploit this to take full control of systems running vulnerable VPN clients. All users of the TheGreenBow VPN client versions listed below, on Windows, Android, Linux, and macOS, are affected.

💻 Affected Systems

Products:
  • TheGreenBow Windows Standard VPN Client
  • TheGreenBow Windows Enterprise VPN Client
  • TheGreenBow Android VPN Client
  • TheGreenBow VPN Client Linux
  • TheGreenBow VPN Client MacOS
Versions:
  • Windows Standard VPN Client 6.87.108 and older
  • Windows Enterprise VPN Client 6.87.109 and older
  • Windows Enterprise VPN Client 7.5.007 and older
  • Android VPN Client 6.4.5 and older
  • VPN Client Linux 3.4 and older
  • VPN Client MacOS 2.4.10 and older
Operating Systems: Windows, Android, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations using IKEv2 authentication with ECDSA signatures are vulnerable. The vulnerability is in the authentication phase, so any VPN connection attempt could trigger it.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution, allowing attackers to install malware, steal credentials, pivot to internal networks, and maintain persistent access.

🟠 Likely Case

Remote code execution leading to data exfiltration, credential theft, and lateral movement within the network.

🟢 If Mitigated

Limited impact if VPN clients are isolated or network segmentation prevents lateral movement, though the initial system remains compromised.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed signatures during IKEv2 authentication, which is a standard protocol phase. No authentication is needed to initiate the attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024

Restart Required: Yes

Instructions:

  1. Visit the vendor advisory URL.
  2. Identify the latest patched version for your product.
  3. Download and install the update from the official vendor website.
  4. Restart the system to apply changes.

🔧 Temporary Workarounds

Disable IKEv2 Authentication (all platforms)

Switch to alternative authentication methods if supported (e.g., IKEv1 with different signature algorithms).

Network Segmentation (all platforms)

Isolate VPN clients from critical internal resources using firewalls or network segmentation.

🧯 If You Can't Patch

  • Disconnect vulnerable VPN clients from networks until patched.
  • Implement strict network monitoring for unusual IKEv2 authentication attempts.

🔍 How to Verify

Check if Vulnerable:

Check the installed version of TheGreenBow VPN client against the affected version list. If using an affected version, the system is vulnerable.

Check Version:

On Windows: Check 'About' in the VPN client GUI or examine installed programs. On Linux/macOS: Check package manager or application version info.

Verify Fix Applied:

After updating, verify the installed version matches or exceeds the patched version specified in the vendor advisory.
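
The version comparison described above, as an added example (not code from the vendor or from this page's source): it classifies an installed version string against the ceilings in the Versions field. The product keys, function names and result labels are assumptions of this example, as is treating each ceiling as the limit of its own major release line; the vendor advisory remains the authority on which builds are fixed.

```python
# Added example: ceilings copied from the "Versions" field of this page.
# The product keys are labels invented for this script.
AFFECTED_UP_TO = {
    "windows-standard":   ["6.87.108"],
    "windows-enterprise": ["6.87.109", "7.5.007"],
    "android":            ["6.4.5"],
    "linux":              ["3.4"],
    "macos":              ["2.4.10"],
}
WIDTH = 4  # pad so that "3.4" and "3.4.0" compare equal


def parse_version(text):
    """'7.5.007' -> (7, 5, 7, 0): numeric fields, zero-padded to WIDTH."""
    parts = text.strip().split(".")
    if len(parts) > WIDTH or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (WIDTH - len(nums)))


def classify(product, installed):
    """Return 'affected', 'check-advisory' or 'not-listed'."""
    v = parse_version(installed)
    ceilings = [parse_version(c) for c in AFFECTED_UP_TO[product]]
    same_line = [c for c in ceilings if c[0] == v[0]]
    if same_line:
        if v <= max(same_line):
            return "affected"
        # Above this release line's ceiling but below a newer line's ceiling:
        # the page does not say whether such a build is fixed.
        if any(v < c for c in ceilings):
            return "check-advisory"
        return "not-listed"
    # No ceiling for this major version: "and older" covers anything below one.
    return "affected" if any(v <= c for c in ceilings) else "not-listed"


if __name__ == "__main__":
    # Constructed sample inventory, not real asset data.
    for product, version in [("windows-enterprise", "6.87.109"),
                             ("windows-enterprise", "6.87.110"),
                             ("windows-enterprise", "7.5.7"),
                             ("linux", "3.4.0"),
                             ("macos", "2.4.11")]:
        print(f"{product:20} {version:10} {classify(product, version)}")
```

A result of 'not-listed' only means the version is above every ceiling listed on this page; confirm it against the patched version in the vendor advisory.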

📡 Detection & Monitoring

Log Indicators:

  • Failed IKEv2 authentication attempts with malformed signatures
  • Unexpected VPN connection drops or errors

Network Indicators:

  • Unusual IKEv2 traffic patterns from untrusted sources
  • Spike in authentication phase traffic

SIEM Query:

Search for IKEv2 authentication failures or VPN client crashes in system logs.
