Security News > 2024 > February > Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)
2024-02-22 10:19

The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw.

ConnectWise has also released a newer version of ScreenConnect, which contains the fixes for the two flaws and other non-security fixes but - more crucially - customers no longer under maintenance can upgrade to it to protect themselves against exploitation.

ConnectWise shared the existence of the two flaws on Monday, when it said that they've been reported through their vulnerability disclosure channel via the ConnectWise Trust Center, and urged customers that are self-hosted or on-premise to update their servers to version 23.9.8 as soon as possible.

The Shadowserver Foundation says there are around 3800 vulnerable ConnectWise ScreenConnect instances and that they are picking up the initial exploit request in their honeypot sensors.

ALL ConnectWise ScreenConnect customers can now upgrade to a fixed version - v23.9.10.8817 - and should do it immediately.

ConnectWise has also provided advice for customers who suspect that they have been compromised via CVE-2024-1709: they should upgrade their ScreenConnect installation and, after logging in, they should check for malicious commands/tools or connections by using the Report Manager extension.


News URL

https://www.helpnetsecurity.com/2024/02/22/cve-2024-1709-cve-2024-1708/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-02-21 CVE-2024-1709 Unspecified vulnerability in Connectwise Screenconnect 22.7/23.8.4/23.8.5
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
network
low complexity
connectwise
critical
10.0
2024-02-21 CVE-2024-1708 Path Traversal vulnerability in Connectwise Screenconnect 22.7/23.8.4/23.8.5
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
network
low complexity
connectwise CWE-22
8.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Connectwise 8 0 10 10 6 26