Security News > 2024 > February > ScreenConnect critical bug now under attack as exploit code emerges
CISA has assigned CVE-2024-1708 and CVE-2024-1709 identifiers to the the two security issues, which the vendor assessed as a maximum severity authentication bypass and a high-severity path traversal flaw that impact ScreenConnect servers 23.9.7 and earlier.
Threat actors have compromised multiple ScreenConnect accounts, as confirmed by the company in an update to its advisory, based on incident response investigations.
Because the setup wizard allowed it, a user could create a new administrator account and use it to take control of the ScreenConnect instance.
Leveraging the path traversal bug is possible with the help of another specially crafted request that allows accessing or modifying files outside the intended restricted directory.
Exploit released for Fortra GoAnywhere MFT auth bypass bug.
ConnectWise urges ScreenConnect admins to patch critical RCE flaw.
News URL
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- Critical security hole in Apache Struts under exploit (source)
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (source)
- Adobe warns of critical ColdFusion bug with PoC exploit code (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-21 | CVE-2024-1709 | Unspecified vulnerability in Connectwise Screenconnect 22.7/23.8.4/23.8.5 ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | 10.0 |
| 2024-02-21 | CVE-2024-1708 | Path Traversal vulnerability in Connectwise Screenconnect 22.7/23.8.4/23.8.5 ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. | 8.4 |