CVE-2024-45750: n/a
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older), VPN Client Linux 3.4 (and older), and VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase: the client accepts malformed ECDSA signatures and establishes the tunnel.
AI Analysis
Technical Summary
CVE-2024-45750 is a critical vulnerability identified in multiple versions of TheGreenBow VPN clients, including Windows Standard (≤6.87.108), Windows Enterprise (≤6.87.109 and ≤7.5.007), Android (≤6.4.5), Linux (≤3.4), and MacOS (≤2.4.10) editions. The vulnerability lies in the IKEv2 (Internet Key Exchange version 2) authentication phase, where the VPN client improperly validates ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Specifically, the client accepts malformed or invalid ECDSA signatures during the authentication handshake, which should normally be rejected. This flaw allows a remote unauthenticated attacker to establish a VPN tunnel by bypassing authentication checks and subsequently execute arbitrary code on the client system. The vulnerability is classified under CWE-287 (Improper Authentication), indicating a failure to properly verify credentials. The CVSS v3.1 base score is 7.3 (High), reflecting network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability (C:L/I:L/A:L). No public exploits or active exploitation in the wild have been reported yet, but the potential for remote code execution without user interaction makes this a critical threat for organizations using affected VPN clients. The lack of available patches at the time of disclosure necessitates immediate risk mitigation and monitoring.
Potential Impact
The vulnerability allows remote attackers to bypass authentication and execute arbitrary code on affected VPN clients, compromising the confidentiality, integrity, and availability of VPN communications. This can lead to unauthorized access to internal networks, interception or manipulation of sensitive data, and potential lateral movement within enterprise environments. Organizations relying on TheGreenBow VPN clients for secure remote access, especially in sectors like government, finance, healthcare, and critical infrastructure, face elevated risks of data breaches and operational disruption. The ability to exploit this vulnerability without authentication or user interaction increases the attack surface and likelihood of exploitation. Additionally, compromised VPN clients could serve as footholds for further attacks, including deployment of malware or ransomware. The absence of known exploits currently provides a limited window for proactive defense, but the severity and ease of exploitation warrant urgent attention.
Mitigation Recommendations
1. Immediately inventory all TheGreenBow VPN clients in use across all platforms to identify affected versions.
2. Monitor official TheGreenBow communications and CVE databases for patches or updates addressing CVE-2024-45750 and apply them promptly upon release.
3. Until patches are available, restrict VPN client access to trusted networks and IP addresses using firewall rules to limit exposure to potential attackers.
4. Implement network-level intrusion detection and prevention systems (IDS/IPS) to monitor for anomalous IKEv2 authentication attempts or malformed ECDSA signatures.
5. Enforce multi-factor authentication (MFA) where possible to add an additional layer of security beyond the vulnerable VPN client authentication.
6. Educate users and administrators about the vulnerability and encourage vigilance for suspicious VPN behavior or unexpected connection attempts.
7. Consider temporary alternative secure VPN solutions if patching is delayed or if risk tolerance is low.
8. Conduct regular security audits and penetration testing focused on VPN infrastructure to detect potential exploitation attempts early.
Affected Countries
United States, France, Germany, United Kingdom, Canada, Australia, Japan, South Korea, India, Brazil, Netherlands, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-09-06T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6cf1b7ef31ef0b56a5ec
Added to database: 2/25/2026, 9:43:13 PM
Last enriched: 2/26/2026, 8:18:03 AM
Last updated: 4/12/2026, 3:35:08 PM