Vulnerability Details CVE-2024-1709
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.943
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 10.0
Proposed Action
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.
Ransomware Campaign
Known
References
- https://github.com/rapid7/metasploit-framework/pull/18870
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
- https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
- https://github.com/rapid7/metasploit-framework/pull/18870
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
- https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
Products affected by CVE-2024-1709
-
cpe:2.3:a:connectwise:screenconnect:-
-
cpe:2.3:a:connectwise:screenconnect:22.7
-
cpe:2.3:a:connectwise:screenconnect:23.8.4
-
cpe:2.3:a:connectwise:screenconnect:23.8.5