Start your day with intelligence. Get The OODA Daily Pulse.

ScreenConnect Flaws Exploited to Deliver All Kinds of Malware (CVE-2024-1709, CVE-2024-1708)

ConnectWise ScreenConnect is a remote desktop solution consisting of server and client elements (applications). This makes it a popular solution for offering technical assistance or for remotely managing data centers. However, this is also what makes it a popular solution for attackers, who exploit it to easily access and compromise a great number of enterprise endpoints. The vulnerabilities affect the server component of ConnectWise ScreenConnect, version 23.9.7 and prior. CVE-2024-1709 is an authentication bypass vulnerability that allows attackers to create system admin accounts on vulnerable instances and use them for their own malicious ends. CVE-2024-1708 is a path traversal vulnerability that allows attackers to remotely execute code on vulnerable instances. ConnectWise patched its cloud environments and all cloud instances within two days of being aware of the vulnerabilities and urged ScreenConnect customers to immediately upgrade their on-premises instances to a version with the fixes. 

Read more: https://www.helpnetsecurity.com/2024/02/26/cve-2024-1709-exploited/

Tagged: vulnerabilities