CVE-2024-1708

high

Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker to execute remote code or directly impact confidential data or critical systems.

References

https://securelist.com/vulnerability-report-q1-2024/112554/

https://www.theregister.com/2024/05/06/cisa_alert_dt_bugs/

https://www.bleepingcomputer.com/news/security/cisa-urges-software-devs-to-weed-out-path-traversal-vulnerabilities/?&web_view=true

https://www.bleepingcomputer.com/news/security/cisa-urges-software-devs-to-weed-out-path-traversal-vulnerabilities/

https://www.bleepingcomputer.com/news/security/ransomware-payments-drop-to-record-low-of-28-percent-in-q1-2024/

https://cyware.com/news/kimsuky-exploits-screenconnect-bugs-drops-toddlershark-71d14404/?&web_view=true

https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/?&web_view=true

https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddlershark-malware/

https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/

https://securityaffairs.com/159640/cyber-crime/black-basta-bl00dy-ransomware-connectwise-screenconnect.html

https://www.hivepro.com/threat-digest/attacks-vulnerabilities-and-actors-19-to-25-february-2024/

https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html

https://thecyberthrone.in/2024/02/26/connectwise-critical-vulnerability-cve-2024-1709/

https://www.hivepro.com/threat-advisory/critical-vulnerabilities-in-screenconnect-under-active-exploitation/

https://securityaffairs.com/159511/hacking/cisa-connectwise-screenconnect-known-exploited-vulnerabilities-catalog.html

https://www.mandiant.com/resources/blog/connectwise-screenconnect-hardening-remediation

https://arstechnica.com/security/2024/02/ransomware-associated-with-lockbit-still-spreading-2-days-after-server-takedown/

https://www.bleepingcomputer.com/news/security/screenconnect-critical-bug-now-under-attack-as-exploit-code-emerges/

https://www.tenable.com/blog/frequently-asked-questions-about-connectwise-screenconnect-vulnerabilities

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

Details

Source: Mitre, NVD

Published: 2024-02-21

Updated: 2024-02-22

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Severity: High