Overview:

On February 19th, 2024, ConnectWise released a security advisory for its remote monitoring and management (RMM) software. The advisory highlighted two vulnerabilities that impact older versions of ScreenConnect and have been mitigated in version 23.9.8 and later.

  • CVE-2024-1709 (CWE-288): Authentication Bypass Using Alternate Path or Channel
    • Base CVSS score of 10 (Critical)
  • CVE-2024-1708 (CWE-22): Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
    • Base score of 8.4 (High Priority)

Cloud-hosted implementations of ScreenConnect, including screenconnect.com and hostedrmm.com, have already received updates to address these vulnerabilities. Self-hosted (on-premise) instances remain at risk until they are manually upgraded. The ShadowServer project has identified over 3800 vulnerable instances of ScreenConnect, or approximately 93 percent of the internet-exposed install base.

On February 21st, security researchers at watchTowr Labs released a proof of concept (PoC) on GitHub that exploits these vulnerabilities and adds a new user to the compromised system. ConnectWise has also updated its initial report to state that active exploitation of these vulnerabilities has been observed in the wild.

What you should do:

  • Confirm whether you have an on-premise deployment of ScreenConnect.
    • If an on-premise version is present in your environment and is not on 23.9.8 or later, upgrade to the newest version.
    • If an on-premise version is present in your environment and is already on 23.9.8 or later, you are not at risk and no further action is necessary.
  • If your deployment is cloud hosted rather than on-premise, you are not at risk and no further action is necessary.
  • If your deployment is managed by a third-party vendor, confirm with them that they have upgraded their instance to 23.9.8 or later.
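The checklist above can be applied to an asset inventory in one pass. The following is an added example, not ConnectWise tooling or part of the original advisory: the CSV columns, host names and sample versions are constructed, and treating an unreadable version as at risk is an assumption. Versions are compared numerically because a plain string comparison ranks 23.9.10 below 23.9.8.

```python
import csv
import io
import re

FIXED = (23, 9, 8)  # first fixed release named in the advisory

# Constructed sample inventory; column names, hosts and versions are assumptions.
SAMPLE_INVENTORY = """host,hosting,version
rmm01.example.internal,on-premise,23.9.7.8804
rmm02.example.internal,on-premise,23.9.10
support.example.internal,on-premise,23.9.8
hosted-tenant-1,cloud,
msp-managed-1,third-party,22.4
lab.example.internal,on-premise,unknown
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_fixed(version):
    """Compare numerically, padding short versions, so 23.9.10 ranks above 23.9.8."""
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded >= FIXED

def triage(row):
    hosting = row["hosting"].strip().lower()
    if hosting == "cloud":
        return "no action: cloud hosted, already updated"
    if hosting == "third-party":
        return "confirm with vendor: upgraded to 23.9.8 or later"
    version = parse_version(row["version"])
    if version is None:
        # Assumption: an unreadable version is not evidence of a patched host.
        return "verify version: treat as at risk until confirmed"
    if is_fixed(version):
        return "no action: on 23.9.8 or later"
    return "upgrade: below 23.9.8"

def triage_inventory(csv_text):
    return {row["host"]: triage(row) for row in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:28} {action}")
```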


Contact us if you have any questions or concerns.