Detections
Analytics

CVE-2024-1709

critical

Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

References

https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8

https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/

https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/

https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/

https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/

https://github.com/rapid7/metasploit-framework/pull/18870

https://thehackernews.com/2025/05/connectwise-hit-by-cyberattack-nation.html

https://securityaffairs.com/178442/hacking/connectwise-cyberattack-sophisticated-nation-state-actor.html

https://www.bleepingcomputer.com/news/security/connectwise-breached-in-cyberattack-linked-to-nation-state-hackers/

https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures

https://www.theregister.com/2025/03/13/medusa_ransomware_infects_300_critical/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a

https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/

https://www.helpnetsecurity.com/2025/02/13/sandworm-apts-initial-access-subgroup-hits-organizations-accross-the-globe/

https://hackread.com/microsoft-badpilot-campaign-seashell-blizzard-usa-uk/

https://www.theregister.com/2025/02/12/russias_sandworm_caught_stealing_credentials/

https://www.securityweek.com/russian-seashell-blizzard-hackers-gain-maintain-access-to-high-value-targets-microsoft/

https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/

https://www.darkreading.com/threat-intelligence/microsoft-russian-sandworm-apt-exploits-edge-bugs-globally

https://www.bleepingcomputer.com/news/security/badpilot-network-hacking-campaign-fuels-russian-sandworm-attacks/

https://therecord.media/sandworm-subgroup-russia-europe

https://thehackernews.com/2025/02/microsoft-uncovers-sandworm-subgroups.html

https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-campaign-exploiting-simplehelp-rmm-software-initial-access/

https://securelist.com/vulnerability-exploit-report-q2-2024/113455/

https://www.cisa.gov/sites/default/files/2024-05/aa24-131a-joint-csa-stopransomware-black-basta_1.pdf

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

https://securelist.com/vulnerability-report-q1-2024/112554/

https://veriti.ai/blog/vulnerable-villain-when-hackers-get-hacked/

https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect

https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/

https://securityaffairs.com/159640/cyber-crime/black-basta-bl00dy-ransomware-connectwise-screenconnect.html

https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html

https://www.securityweek.com/slashandgrab-screenconnect-vulnerability-widely-exploited-for-malware-delivery/

https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/

https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

https://arstechnica.com/security/2024/05/black-basta-ransomware-group-is-imperiling-critical-infrastructure-groups-warn/

https://thehackernews.com/2024/03/china-linked-group-breaches-networks.html

https://www.mandiant.com/resources/blog/connectwise-screenconnect-hardening-remediation

https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc

Details

Source: Mitre, NVD

Published: 2024-02-21

Updated: 2025-01-27

Named Vulnerability: SlashAndGrabNamed Vulnerability: ScreenConnect VulnerabilityNamed Vulnerability: EvilConwiNamed Vulnerability: ConnectWise ScreenConnectKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 10

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Severity: Critical

EPSS

EPSS: 0.94338

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Concern