Security alerts

TheGreenBow VPN solutions are known for their robustness and security. We constantly monitor our products to anticipate as far as possible any potential security issues and to stay ahead of the latest threats. We closely follow the latest security trends by working in close collaboration with security companies and researchers.

We are also very attentive to feedback from our customers.
If you would like to notify us of a vulnerability, please contact us at: advisory@thegreenbow.com.

Security notices and updates

If you would like to receive information on new vulnerabilities, please email us the contact details of your company’s or organization’s security officer to: referent@thegreenbow.com.

  • IMPACT

  • VULNERABILITY / SECURITY UPDATE

  • REFERENCE

  • Publication

  • IMPACT

    low

  • VULNERABILITY / SECURITY UPDATE

    DOS on the configuration panel with an oversized administrator password.

  • REFERENCE

    2019_6947

  • Publication

    15/04/2019

  • Credit Oppida
  • Detail -
  • Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected product Client VPN Windows 5.22 (Certifié)
  • Corrected software from version Client VPN Windows 5.22.008 (Certifié)
  • IMPACT

    low

  • VULNERABILITY / SECURITY UPDATE

    Some padding bytes of the VPN configuration file signature can be patched.

  • REFERENCE

    2019_6957

  • Publication

    15/04/2019

  • Credit Oppida
  • Detail -
  • Exploitation No exploitation of this vulnerability was found.
  • Affected product Client VPN Windows 5.22, 6.50, 6.60
  • Corrected software from version Client VPN Windows 5.22.008 (Certified) Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64
  • IMPACT

    low

  • VULNERABILITY / SECURITY UPDATE

    DOS while the software is in trace mode, with a UDP packet flood

  • REFERENCE

    2018_7322

  • Publication

    15/04/2019

  • Credit Oppida
  • Detail -
  • Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected product Client VPN Windows 5.22, 6.50, 6.60
  • Corrected software from version Windows VPN Client 5.22.008 (Certified) Windows VPN Client 6.52.006 (Certified) Windows VPN Client 6.64.003
  • IMPACT

    medium

  • VULNERABILITY / SECURITY UPDATE

    The VPN Client software accepts to authenticate the gateway even if no AUTH payload is received

  • REFERENCE

    2018_6926

  • Publication

    15/04/2019

  • Credit Oppida
  • Detail The client accepts IKE_AUTH messages that don't contain CERT and/or AUTH payloads. A Man-in-the-Middle attacker can take advantage of this behaviour in order to usurp the identity of the gateway and therefore undermine the integrity and the confidentiality of the data transmitted within the tunnel.
  • Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected product Client VPN Windows 5.22
  • Corrected software from version Windows VPN Client 5.22.008 (Certified)
  • IMPACT

    medium

  • VULNERABILITY / SECURITY UPDATE

    Certificate date validity can be bypassed through the use of GeneralizedTime format

  • REFERENCE

    2018_7338

  • Publication

    15/04/2019

  • Credit Oppida
  • Detail -
  • Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected product Client VPN Windows 5.22, 6.50, 6.60
  • Corrected software from version Client VPN Windows 5.22.008 (Certified) Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64.003
  • IMPACT

    medium

  • VULNERABILITY / SECURITY UPDATE

    DOS upon malformed certificate reception

  • REFERENCE

    2018_7323

  • Publication

    15/04/2019

  • Credit Oppida
  • Detail The VPN Client is vulnerable to DOS via parsing of a malformed certificate coming from the gateway. The certificate can be truncated or contain an ASN.1 length larger than the size of the data.
  • Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected product Client VPN Windows 5.22, 6.50, 6.60
  • Corrected software from version Client VPN Windows 5.22.008 (Certified) Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64.003
  • IMPACT

    high

  • VULNERABILITY / SECURITY UPDATE

    Possibility of a man-in-the-middle attack via the use of a CA stored in the Windows certificate store

  • REFERENCE

    2018_7293

  • Publication

    15/04/2019

  • Credit ANSSI
  • Detail -
  • Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected product Client VPN Windows 5.22, 6.50, 6.60
  • Corrected software from version Client VPN Windows 5.22.008 (Certified Client VPN Windows 6.52.006 (Certified Client VPN Windows 6.64
  • IMPACT

    medium

  • VULNERABILITY / SECURITY UPDATE

    DOS when managing certificate with special characters

  • REFERENCE

    2018_6943

  • Publication

    15/04/2019

  • Credit Oppida
  • Detail -
  • Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected product Client VPN Windows 5.22
  • Corrected software from version Client VPN Windows 5.22.008 (Certified)
  • IMPACT

    low

  • VULNERABILITY / SECURITY UPDATE

    Port 1194 always listening may be used to a DOS

  • REFERENCE

    2018_7294

  • Publication

    15/04/2019

  • Credit Oppida
  • Detail -
  • Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected product Client VPN Windows 6.50, 6.60
  • Corrected software from version Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64
  • IMPACT

    high

  • VULNERABILITY / SECURITY UPDATE

    The embedded browser used for captive portal management in GINA mode allows a privilege escalation

  • REFERENCE

    2018_7300

  • Publication

    15/04/2019

  • Credit Oppida
  • Detail -
  • Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected product Windows VPN Client 6.50, 6.60
  • Corrected software from version Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64.003
  • IMPACT

    medium

  • VULNERABILITY / SECURITY UPDATE

    DOS upon malformed SA reception

  • REFERENCE

    2018_7324

  • Publication

    15/04/2019

  • Credit Oppida
  • Detail -
  • Exploitation TheGreenBow is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected product Client VPN Windows 6.50, 6.60
  • Corrected software from version Client VPN Windows 6.52.006 (Certified) Client VPN Windows 6.64.003

Subscribe to our newsletter

Newsletter

X