CVE-2024-1709

Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

References

https://securelist.com/vulnerability-exploit-report-q2-2024/113455/

https://arstechnica.com/security/2024/05/black-basta-ransomware-group-is-imperiling-critical-infrastructure-groups-warn/

https://www.cisa.gov/sites/default/files/2024-05/aa24-131a-joint-csa-stopransomware-black-basta_1.pdf

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

https://securelist.com/vulnerability-report-q1-2024/112554/

https://veriti.ai/blog/vulnerable-villain-when-hackers-get-hacked/

https://thehackernews.com/2024/03/china-linked-group-breaches-networks.html

https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect

https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/

https://securityaffairs.com/159640/cyber-crime/black-basta-bl00dy-ransomware-connectwise-screenconnect.html

https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html

https://www.securityweek.com/slashandgrab-screenconnect-vulnerability-widely-exploited-for-malware-delivery/

https://www.mandiant.com/resources/blog/connectwise-screenconnect-hardening-remediation

https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/

https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/

https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8

https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2

https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/

https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/

https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc

https://github.com/rapid7/metasploit-framework/pull/18870

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3