Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)
2024-02-22 10:19

The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw.

ConnectWise has also released a newer version of ScreenConnect that contains the fixes for the two flaws along with other non-security fixes. More crucially, customers who are no longer under maintenance can upgrade to it as well, so they too can protect themselves against exploitation.

ConnectWise disclosed the existence of the two flaws on Monday, saying that they had been reported through its vulnerability disclosure channel via the ConnectWise Trust Center, and urged self-hosted and on-premises customers to update their servers to version 23.9.8 as soon as possible.

The Shadowserver Foundation says there are around 3800 vulnerable ConnectWise ScreenConnect instances exposed online, and that its honeypot sensors are already picking up the initial exploit request.

ALL ConnectWise ScreenConnect customers can now upgrade to a fixed version - v23.9.10.8817 - and should do it immediately.

ConnectWise has also provided advice for customers who suspect that they have been compromised via CVE-2024-1709: they should upgrade their ScreenConnect installation and, after logging in, they should check for malicious commands/tools or connections by using the Report Manager extension.
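The advisory above gives two version numbers: 23.9.8 as the first fixed release and 23.9.10.8817 as the build now available to every customer. When triaging an inventory of self-hosted servers, the easy mistake is to compare version strings lexicographically, which ranks "23.9.10" below "23.9.8" and flags a patched server as vulnerable. The following Python is an added example (not code from ConnectWise or from the article) that parses versions into numeric tuples and classifies a constructed inventory; the hostnames and versions in SAMPLE_INVENTORY are made up for illustration.

```python
"""Classify ScreenConnect server versions against the fixed release.

Added example: compares dotted version strings numerically so that a
build such as 23.9.10.8817 is correctly ranked above 23.9.8.
"""

# First release that contains the fixes for CVE-2024-1709 / CVE-2024-1708
FIXED_VERSION = "23.9.8"
# Release ConnectWise made available to all customers, including those off maintenance
LATEST_FIXED = "23.9.10.8817"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '23.9.10.8817' into (23, 9, 10, 8817) for numeric comparison."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> bool:
    """True when the server runs anything older than the first fixed release.

    Tuple comparison is element-wise and numeric; a plain string comparison
    would wrongly report '23.9.10.8817' as older than '23.9.8'.
    """
    return parse_version(version) < parse_version(FIXED_VERSION)


# Constructed sample inventory (hostnames and versions are invented)
SAMPLE_INVENTORY = [
    ("sc-prod-01", "23.8.5"),        # affected build named in the advisory
    ("sc-prod-02", "23.9.7"),        # last unfixed release
    ("sc-lab-01", "23.9.8"),         # first fixed release
    ("sc-dr-01", "23.9.10.8817"),    # release offered to all customers
    ("sc-legacy-01", "22.4.1.1234"), # invented older build
]


def triage(inventory: list[tuple[str, str]]) -> dict[str, str]:
    """Map each host to 'vulnerable' or 'patched' using numeric comparison."""
    return {
        host: ("vulnerable" if is_vulnerable(ver) else "patched")
        for host, ver in inventory
    }


def vulnerable_hosts(inventory: list[tuple[str, str]]) -> list[str]:
    """Hosts that still need to be upgraded (and, per the advisory, reviewed)."""
    return sorted(h for h, status in triage(inventory).items() if status == "vulnerable")


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
    print("needs upgrade:", vulnerable_hosts(SAMPLE_INVENTORY))
```

Any host reported as vulnerable should be upgraded and then, following the advisory, reviewed for unexpected commands, tools or connections; the version check only tells you which servers were exposed, not whether they were actually compromised.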


News URL

https://www.helpnetsecurity.com/2024/02/22/cve-2024-1709-cve-2024-1708/

Related Vulnerability

| Date | CVE | Title | Description | Attack vector | Complexity | Vendor | CWE | Severity | CVSS |
|---|---|---|---|---|---|---|---|---|---|
| 2024-02-21 | CVE-2024-1709 | Unspecified vulnerability in Connectwise Screenconnect 23.8.4/23.8.5 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | network | low complexity | connectwise | | critical | 10.0 |
| 2024-02-21 | CVE-2024-1708 | Path Traversal vulnerability in Connectwise Screenconnect 23.8.4/23.8.5 | ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. | network | low complexity | connectwise | CWE-22 | | 8.4 |

Related vendor

| Vendor | Last 12M | # Products | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|---|
| Connectwise | 8 | 1 | 16 | 7 | 2 | 26 | |