ConnectWise Releases Critical Security Update for ScreenConnect
Exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code
Summary
Exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
ConnectWise has released a security update addressing two vulnerabilities in on-premise ScreenConnect deployments. The update addresses a critical authentication bypass vulnerability, CVE-2024-1709, with a CVSSv3 score of 10.0 and a path traversal vulnerability, CVE-2024-1708, with a CVSSv3 score of 8.4.
A remote unauthenticated attacker could exploit these vulnerabilities to gain control of ScreenConnect accounts, read arbitrary files, gain root access on the underlying operating system, and execute remote code.
Vulnerabilities under active exploitation and public PoCs released
ConnectWise has confirmed reports that these vulnerabilities are being exploited in the wild to compromise ScreenConnect accounts.
Security researchers have also reported on public proof-of-concept exploit code.
Exploitation of these vulnerabilities is particularly trivial, and broader exploitation in the wild is assessed as highly likely.
Threat updates
| Date | Update |
|---|---|
| 22 Feb 2024 | Addition of CVE identifiers |
| 21 Feb 2024 | Cyber Alert has been elevated to High Severity |
| 21 Feb 2024 | Exploitation of vulnerabilities in ScreenConnect and proof-of-concept publicly available |
Remediation advice
Affected organisations are required to review the ConnectWise security advisory and apply the necessary updates as soon as possible.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 22 February 2024 1:00 pm