Security alerts

TheGreenBow VPN solutions are known for their robustness and security. We constantly monitor our products to anticipate as far as possible any potential security issues and to stay ahead of the latest threats. We closely follow the latest security trends by working in close collaboration with security companies and researchers.

We are also very attentive to feedback from our customers.
If you would like to notify us of a vulnerability, please contact us at: advisory@thegreenbow.com.

Security Patches

Security patch (CVE-2024-45750) for Windows Standard VPN Client version 6.87.x: download here
Security patch (CVE-2024-45750) for Windows Enterprise VPN Client version 7.5.x: download here
Security patch (CVE-2023-47267) for Windows Certified VPN Client version 6.52.006: download here
Security patch (reference TGB_2022_001) for Windows Certified VPN Client version 6.52.006: download here

Security notices and updates

If you would like to receive information on new vulnerabilities, please email us the contact details of your company’s or organization’s security officer to: referent@thegreenbow.com.

IMPACT
VULNERABILITY / SECURITY UPDATE
REFERENCE
Publication

IMPACT

medium
VULNERABILITY / SECURITY UPDATE

Malformed ECDSA signature accepted
REFERENCE

CVE-2024-45750
Publication

24/09/2024

Credit TheGreenBow
Detail During the IKEv2 Authentication phase, the VPN client accepts malformed ECDSA signatures and establishes the tunnel.
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Windows Standard VPN Client 6.87.108 (and older) | Windows Enterprise VPN Client 6.87.109 (and older) | Windows Enterprise VPN Client 7.5.007 (and older) | Android VPN Client 6.4.5 (and older) | VPN Client Linux 3.4 (and older) | VPN Client MacOS 2.4.10 (and older)
Corrected software from version VPN Client Android 6.4 VPN Client macOS 2.5 VPN Client Linux 3.4 Ubuntu 22.04 VPN Client Linux 3.4 Red Hat 9 Patch Windows Standard VPN Client version 6.87.108 Windows Enterprise VPN Client version 7.5.109

IMPACT

high
VULNERABILITY / SECURITY UPDATE

Privilege Escalation To SYSTEM using memory mapped files
REFERENCE

CVE-2023-47267
Publication

30/11/2023

Credit Michelin
Detail A malware can use the VPN Client to write and delete a registry key allowing an execution with privilege escalation to SYSTEM.
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Windows VPN Client 6.87 standard, 6.87 Enterprise and 6.52 (Certified)
Corrected software from version Windows Certified VPN Client version 6.52.006 Windows Enterprise VPN Client 6.87.109 Windows Standard VPN Client 6.87.108

IMPACT

low
VULNERABILITY / SECURITY UPDATE

OpenSSL security update
REFERENCE

TGB_2022_002
Publication

14/04/2022

Credit OpenSSL
Detail OpenSSL security update 1.1.1n (CVE-2022-0778)
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Windows VPN Client 6.8
Corrected software from version Windows Enterprise VPN Client 6.87.108 Windows Standard VPN Client 6.87.108

IMPACT

medium
VULNERABILITY / SECURITY UPDATE

Risk of buffer overflow during license activation
REFERENCE

TGB_2022_001
Publication

14/04/2022

Credit Oppida
Detail An attacker able to intercept HTTP messages towards the license activation server, could insert a malicious payload and provoke a buffer overflow.
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Patch version
Affected product Windows VPN Client 6.6, 6.8 et 6.52 (Certified)
Corrected software from version Windows Enterprise VPN Client 6.87.108 Windows Standard VPN Client 6.87.108 Windows Certified VPN Client 6.52 (patch 2, compatible with Microsoft Defender)

IMPACT

low
VULNERABILITY / SECURITY UPDATE

DOS on the configuration panel with an oversized administrator password.
REFERENCE

2019_6947
Publication

15/04/2019

Credit Oppida
Detail -
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Client VPN Windows 5.22 (Certifié)
Corrected software from version Client VPN Windows 5.22.008 (Certifié)

IMPACT

low
VULNERABILITY / SECURITY UPDATE

Some padding bytes of the VPN configuration file signature can be patched.
REFERENCE

2019_6957
Publication

15/04/2019

Credit Oppida
Detail -
Exploitation No exploitation of this vulnerability was found.
Affected product Client VPN Windows 5.22, 6.50, 6.60
Corrected software from version Client VPN Windows 5.22.008 (Certified) Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64

IMPACT

low
VULNERABILITY / SECURITY UPDATE

DOS while the software is in trace mode, with a UDP packet flood
REFERENCE

2018_7322
Publication

15/04/2019

Credit Oppida
Detail -
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Client VPN Windows 5.22, 6.50, 6.60
Corrected software from version Windows VPN Client 5.22.008 (Certified) Windows VPN Client 6.52.006 (Certified) Windows VPN Client 6.64.003

IMPACT

medium
VULNERABILITY / SECURITY UPDATE

The VPN Client software accepts to authenticate the gateway even if no AUTH payload is received
REFERENCE

2018_6926
Publication

15/04/2019

Credit Oppida
Detail The client accepts IKE_AUTH messages that don't contain CERT and/or AUTH payloads. A Man-in-the-Middle attacker can take advantage of this behaviour in order to usurp the identity of the gateway and therefore undermine the integrity and the confidentiality of the data transmitted within the tunnel.
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Client VPN Windows 5.22
Corrected software from version Windows VPN Client 5.22.008 (Certified)

IMPACT

medium
VULNERABILITY / SECURITY UPDATE

Certificate date validity can be bypassed through the use of GeneralizedTime format
REFERENCE

2018_7338
Publication

15/04/2019

Credit Oppida
Detail -
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Client VPN Windows 5.22, 6.50, 6.60
Corrected software from version Client VPN Windows 5.22.008 (Certified) Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64.003

IMPACT

medium
VULNERABILITY / SECURITY UPDATE

DOS upon malformed certificate reception
REFERENCE

2018_7323
Publication

15/04/2019

Credit Oppida
Detail The VPN Client is vulnerable to DOS via parsing of a malformed certificate coming from the gateway. The certificate can be truncated or contain an ASN.1 length larger than the size of the data.
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Client VPN Windows 5.22, 6.50, 6.60
Corrected software from version Client VPN Windows 5.22.008 (Certified) Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64.003

IMPACT

high
VULNERABILITY / SECURITY UPDATE

Possibility of a man-in-the-middle attack via the use of a CA stored in the Windows certificate store
REFERENCE

2018_7293
Publication

15/04/2019

Credit ANSSI
Detail -
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Client VPN Windows 5.22, 6.50, 6.60
Corrected software from version Client VPN Windows 5.22.008 (Certified Client VPN Windows 6.52.006 (Certified Client VPN Windows 6.64

IMPACT

medium
VULNERABILITY / SECURITY UPDATE

DOS when managing certificate with special characters
REFERENCE

2018_6943
Publication

15/04/2019

Credit Oppida
Detail -
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Client VPN Windows 5.22
Corrected software from version Client VPN Windows 5.22.008 (Certified)

IMPACT

low
VULNERABILITY / SECURITY UPDATE

Port 1194 always listening may be used to a DOS
REFERENCE

2018_7294
Publication

15/04/2019

Credit Oppida
Detail -
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Client VPN Windows 6.50, 6.60
Corrected software from version Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64

IMPACT

high
VULNERABILITY / SECURITY UPDATE

The embedded browser used for captive portal management in GINA mode allows a privilege escalation
REFERENCE

2018_7300
Publication

15/04/2019

Credit Oppida
Detail -
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Windows VPN Client 6.50, 6.60
Corrected software from version Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64.003

IMPACT

medium
VULNERABILITY / SECURITY UPDATE

DOS upon malformed SA reception
REFERENCE

2018_7324
Publication

15/04/2019

Credit Oppida
Detail -
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Client VPN Windows 6.50, 6.60
Corrected software from version Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64.003

IMPACT

medium
VULNERABILITY / SECURITY UPDATE

Configuration file signature bypass
REFERENCE

TGB_2019_6967
Publication

20/02/2019

Credit Synacktiv
Detail -
Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected product Client VPN Windows 6.4x and before
Corrected software from version Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64.003

Security alerts

Security Patches

Security notices and updates

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

IMPACT

VULNERABILITY / SECURITY UPDATE

REFERENCE

Publication

Subscribe to our newsletter