MidnightBSD

Advisories for thegreenbow

CVE-2010-0392 HIGH

Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to "phase 2."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
thegreenbow ipsec_vpn_client 4.65.003
thegreenbow ipsec_vpn_client 4.51.001
CVE-2023-47267

An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
thegreenbow windows_enterprise_vpn 6.87
thegreenbow windows_standard_vpn 6.87
thegreenbow thegreenbow_vpn_client *
thegreenbow windows_enterprise_certified_vpn 6.52