A critical vulnerability affecting ConnectWise’s ScreenConnect remote desktop access product has been exploited widely, leading to the delivery of ransomware and other malware. ConnectWise issued patches for two flaws, an authentication bypass (CVE-2024-1709) and a path traversal issue (CVE-2024-1708), after being notified of in-the-wild exploitation attempts. Dubbed SlashAndGrab by Huntress, the flaws enable attackers to create administrator accounts and execute arbitrary code. Reports indicate widespread exploitation of CVE-2024-1709, with victims including local governments, emergency systems, and healthcare organizations. Sophos observed the delivery of LockBit ransomware, AsyncRAT, infostealers, and other tools via the vulnerability. The Shadowserver Foundation identified over 8,200 vulnerable instances of ScreenConnect, with the majority in the United States. CISA has included CVE-2024-1709 in its Known Exploited Vulnerabilities Catalog, highlighting its use in ransomware attacks.