This advisory is for organizations that use ConnectWise ScreenConnect for remote desktop and support activities. These vulnerabilities do not affect cloud servers hosted on screenconnect.com or hostedrmm.com.
Summary
ConnectWise released patches to address two vulnerabilities in on-premises servers that could be chained to allow an attacker to upload a malicious ScreenConnect extension and gain remote code execution.
CVE-2024-1709 – Authentication bypass using alternate path
CVSSv3: 10.0
CVE-2024-1708 – Improper limitation of a pathname to a restricted directory
CVSSv3: 8.4
Affected Platforms
ConnectWise ScreenConnect 23.9.7 and earlier
Mitigations
Update servers to 23.9.8: https://docs.connectwise.com/ConnectWise_ScreenConnect_Documentation/On-premises/Get_started_with_ConnectWise_ScreenConnect_On-Premise/Upgrade_an_on-premises_installation
Additional Resources
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
https://news.sophos.com/en-us/2024/02/21/connectwise-sounds-the-alarm-on-two-vulnerabilities/