CVE-2019-25283

Shrew Soft · Shrew Soft VPN Client 2

Shrew Soft VPN Client 2 is vulnerable to a high-severity security flaw that could lead to local privilege escalation or the compromise of secure network tunnels.

Executive summary

Shrew Soft VPN Client 2 contains a high-severity vulnerability that could allow an attacker to compromise secure remote access and gain elevated system rights.

Vulnerability

This vulnerability in Shrew Soft VPN Client 2 carries a CVSS score of 7.8. It typically involves issues with the service's handling of local system privileges or vulnerabilities in the IKE daemon. An attacker could exploit it to gain higher-level access to the host Windows machine.

Business impact

A compromise of the VPN client can lead to the theft of VPN credentials and subsequent unauthorized access to the corporate internal network. The 7.8 CVSS score indicates a high risk, particularly for organizations that still rely on this legacy client for IPsec VPN connectivity.

Remediation

Immediate Action: Replace Shrew Soft VPN Client 2 with a modern, supported IPsec client or migrate to a different VPN technology (such as WireGuard or OpenVPN) that is actively maintained.

Proactive Monitoring: Check for unauthorized modifications to the Windows Registry or the VPN client's configuration files that could indicate an exploitation attempt.

Compensating Controls: Use strict network segmentation and Multi-Factor Authentication (MFA) at the VPN gateway to limit the impact of a compromised endpoint.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The 7.8 CVSS score and the legacy status of Shrew Soft VPN Client 2 make it a significant liability. Security teams should prioritize the decommissioning of this software across the enterprise and transition users to modern, secure remote access alternatives.