Security News > 2024 > February > ScreenConnect critical bug now under attack as exploit code emerges
CISA has assigned CVE-2024-1708 and CVE-2024-1709 identifiers to the the two security issues, which the vendor assessed as a maximum severity authentication bypass and a high-severity path traversal flaw that impact ScreenConnect servers 23.9.7 and earlier.
Threat actors have compromised multiple ScreenConnect accounts, as confirmed by the company in an update to its advisory, based on incident response investigations.
Because the setup wizard allowed it, a user could create a new administrator account and use it to take control of the ScreenConnect instance.
Leveraging the path traversal bug is possible with the help of another specially crafted request that allows accessing or modifying files outside the intended restricted directory.
Exploit released for Fortra GoAnywhere MFT auth bypass bug.
ConnectWise urges ScreenConnect admins to patch critical RCE flaw.
News URL
Related news
- Exploit available for new critical TeamCity auth bypass bug, patch now (source)
- FBI: Critical infrastructure suffers spike in ransomware attacks (source)
- Public anxiety mounts over critical infrastructure resilience to cyber attacks (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Cyber attacks on critical infrastructure show advanced tactics and new capabilities (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (source)
- Critical Rust flaw enables Windows command injection attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-21 | CVE-2024-1709 | Unspecified vulnerability in Connectwise Screenconnect 23.8.4/23.8.5 ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | 10.0 |
| 2024-02-21 | CVE-2024-1708 | Path Traversal vulnerability in Connectwise Screenconnect 23.8.4/23.8.5 ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. | 8.4 |