Advisory

Critical issues found in ConnectWise ScreenConnect, patch immediately

Take action: This is a panic mode patch. ScreenConnect systems are designed to be visible from the internet, and now they are severely vulnerable. Patch NOW.

Learn More

ConnectWise has urgently called for administrators of ScreenConnect to update their servers due to a critical severity remote code execution (RCE) vulnerability. ScreenConnect is remote desktop software that provides remote support, remote access, and meeting functionality.

  • CVE-2024-1709 (CVSS score 10): the critical vulnerability, which allows remote code execution and stems from an authentication bypass. It enables attackers to access sensitive information or execute arbitrary code on affected servers without user interaction, through low-complexity attacks.
  • CVE-2024-1708 (CVSS score 8.4): a path-traversal vulnerability that may allow an attacker to execute remote code or directly impact confidential data or critical systems.

Although ConnectWise has not yet assigned CVE IDs to these issues, it has released updates in ScreenConnect version 23.9.8 to address them. Customers using on-premise versions are urged to update immediately to safeguard against potential exploitation.

The vulnerabilities, reported on February 13, 2024, via the ConnectWise Trust Center, affect all servers running ScreenConnect version 23.9.7 or earlier. There is no current evidence that these flaws have been exploited in the wild. However, ConnectWise emphasizes the necessity of immediate updates to version 23.9.8 for on-premise installations.

ScreenConnect cloud servers operated on screenconnect.com or hostedrmm.com have been secured against these vulnerabilities.
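The two rules above (23.9.7 or earlier is affected, 23.9.8 is fixed; vendor-hosted servers on screenconnect.com or hostedrmm.com are already secured) can be turned into a fleet triage check. This is an added example, not ConnectWise's or the advisory's own tooling; the inventory format, hostnames and version strings are constructed, and in practice the version comes from each server's admin page or your asset inventory.

```python
"""Triage a ScreenConnect inventory against the 23.9.8 fix (example, not vendor code)."""
import re

FIXED_VERSION = (23, 9, 8)  # first release containing the fix per the advisory
# Vendor-hosted domains the advisory says are already secured server-side
VENDOR_CLOUD_SUFFIXES = ("screenconnect.com", "hostedrmm.com")


def parse_version(text):
    """Turn '23.9.7.8783' or '23.9.8' into a tuple of ints (build number kept if present)."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)


def is_vendor_cloud(host):
    """True for hosts on the vendor-operated cloud domains (exact match or subdomain)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in VENDOR_CLOUD_SUFFIXES)


def classify(host, version):
    """Return 'cloud-secured', 'patched' or 'VULNERABLE' for one server."""
    if is_vendor_cloud(host):
        return "cloud-secured"
    # Compare only major.minor.patch; a truncated version such as '23.9' sorts
    # below (23, 9, 8) and is therefore treated as vulnerable, which is the safe default.
    return "patched" if parse_version(version)[:3] >= FIXED_VERSION else "VULNERABLE"


def triage(inventory):
    """inventory: iterable of (hostname, version). Returns {status: [hostnames]}."""
    result = {"cloud-secured": [], "patched": [], "VULNERABLE": []}
    for host, version in inventory:
        result[classify(host, version)].append(host)
    return result


# Constructed sample inventory; hostnames and versions are made up for this example
SAMPLE_INVENTORY = [
    ("support.example.com", "23.9.7.8783"),   # on-prem, affected
    ("rmm.example.com", "23.9.8.8811"),       # on-prem, fixed
    ("legacy.example.com", "22.3.1"),         # on-prem, much older, affected
    ("acme.screenconnect.com", "23.9.7"),     # vendor cloud: secured server-side
    ("hostedrmm.com", "23.9.7"),              # vendor cloud: secured server-side
    ("new.example.com", "23.10.0"),           # on-prem, newer than the fix
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```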

Huntress security researchers have developed a proof-of-concept exploit that can bypass authentication on servers that have not been updated. A search revealed over 8,800 vulnerable servers via the Censys platform, with Shodan listing more than 7,600 ScreenConnect servers—only 160 of which are running the secured version 23.9.8.