Vulnerabilities

CVE-2024-1709 ConnectWise ScreenConnect Authentication Bypass / CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerabilities

This advisory is for organizations that use ConnectWise ScreenConnect for remote desktop and support activities.  This vulnerability does not affect cloud servers hosted in screenconnect.com or hostedrmm.com.

Summary

ConnectWise released patches to address two vulnerabilities found in on-premise servers which could be chained to allow an attacker to upload a malicious ScreenConnect extension and gain remote connect execution.

 

CVE-2024-1709– Authentication bypass using alternate path

                CVSSv3: 10.0

CVE-2024-1708 – Improper limitation pathname to restricted directory

               CVSSv3: 8.4

               

Affected Platforms

ConnectWise ScreenConnect 23.9.7 and earlier

 

Mitigations

Update servers to 23.9.8 https://docs.connectwise.com/ConnectWise_ScreenConnect_Documentation/On-premises/Get_started_with_ConnectWise_ScreenConnect_On-Premise/Upgrade_an_on-premises_installation

 

Additional Resources

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

https://news.sophos.com/en-us/2024/02/21/connectwise-sounds-the-alarm-on-two-vulnerabilities/