Detections
Analytics

CVE-2024-1709

critical

Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

References

https://securelist.com/vulnerability-report-q1-2024/112554/

https://www.hackread.com/androxgh0st-malware-servers-botnets-attacks/?web_view=true

https://veriti.ai/blog/vulnerable-villain-when-hackers-get-hacked/

https://thecyberthrone.in/2024/03/26/chinese-threat-actors-exploiting-connectwise-f5-vulnerabilities/

https://therecord.media/chinese-government-hacker-exploiting-bugs-to-target-defense-government-sectors?&web_view=true

https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect

https://www.scmagazine.com/news/north-koreas-kimsuky-gang-joins-rush-to-exploit-new-screenconnect-bugs

https://cyware.com/news/kimsuky-exploits-screenconnect-bugs-drops-toddlershark-71d14404/?&web_view=true

https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/?&web_view=true

https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddlershark-malware/

https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/

https://www.rapid7.com/blog/post/2024/03/01/metasploit-weekly-wrap-up-03-01-2024/

https://www.bleepingcomputer.com/news/security/ransomware-gang-claims-they-stole-6tb-of-change-healthcare-data/?&web_view=true

https://www.bleepingcomputer.com/news/security/ransomware-gang-claims-they-stole-6tb-of-change-healthcare-data/

https://www.bleepingcomputer.com/news/security/black-basta-bl00dy-ransomware-gangs-join-screenconnect-attacks/?&web_view=true

https://securityaffairs.com/159640/cyber-crime/black-basta-bl00dy-ransomware-connectwise-screenconnect.html

https://www.bleepingcomputer.com/news/security/fbi-cisa-warn-us-hospitals-of-targeted-blackcat-ransomware-attacks/

https://www.bleepingcomputer.com/news/security/black-basta-bl00dy-ransomware-gangs-join-screenconnect-attacks/

https://www.hivepro.com/threat-digest/attacks-vulnerabilities-and-actors-19-to-25-february-2024/

https://www.bleepingcomputer.com/news/security/unitedhealth-subsidiary-optum-hack-linked-to-blackcat-ransomware/

https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html

https://thecyberthrone.in/2024/02/26/connectwise-critical-vulnerability-cve-2024-1709/

https://www.bleepingcomputer.com/news/security/new-screenconnect-rce-flaw-exploited-in-ransomware-attacks/?&web_view=true

https://www.hivepro.com/threat-advisory/critical-vulnerabilities-in-screenconnect-under-active-exploitation/

https://securityaffairs.com/159511/hacking/cisa-connectwise-screenconnect-known-exploited-vulnerabilities-catalog.html

https://www.securityweek.com/slashandgrab-screenconnect-vulnerability-widely-exploited-for-malware-delivery/

https://www.mandiant.com/resources/blog/connectwise-screenconnect-hardening-remediation

https://arstechnica.com/security/2024/02/ransomware-associated-with-lockbit-still-spreading-2-days-after-server-takedown/

https://www.bleepingcomputer.com/news/security/new-screenconnect-rce-flaw-exploited-in-ransomware-attacks/

https://www.scmagazine.com/news/connectwise-exploit-could-spur-ransomware-free-for-all-expert-warns

https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/

https://www.bleepingcomputer.com/news/security/screenconnect-critical-bug-now-under-attack-as-exploit-code-emerges/

https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

https://www.tenable.com/blog/frequently-asked-questions-about-connectwise-screenconnect-vulnerabilities

https://www.rapid7.com/blog/post/2024/02/20/etr-high-risk-vulnerabilities-in-connectwise-screenconnect/

https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/

https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8

https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2

https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/

https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/

https://github.com/rapid7/metasploit-framework/pull/18870

Details

Source: Mitre, NVD

Published: 2024-02-21

Updated: 2024-02-23

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical