Description Preview
ConnectWise ScreenConnect versions 23.9.7 and earlier are vulnerable to an authentication bypass using an alternate path or channel. This flaw may enable a remote attacker to bypass the login mechanism and access protected resources, potentially exposing confidential information or enabling control over critical systems. The vulnerability is exploitable over the network with no privileges required and no user interaction, and its exploitation can impact confidentiality, integrity, and availability. A fix was released with version 23.9.8.
Overview
This CVE describes a high-severity authentication bypass in ConnectWise ScreenConnect prior to 23.9.8. The flaw allows an attacker to bypass authentication through an alternate path or channel, resulting in direct access to confidential data or critical systems without requiring user interaction. The issue is rated critical (CVSS 3.1: AV network, AC low, PR none, UI none, SC changed, C/H/I/A high) and was publicly disclosed with active exploitation reported in multiple security outlets prior to the patch.
Remediation
- Upgrade to ScreenConnect to version 23.9.8 or newer as soon as possible, following the vendor’s upgrade and patching guidance.
- If immediate upgrade is not feasible, implement compensating controls to reduce exposure:
- Limit exposure by placing ScreenConnect behind a VPN or restricting access via a firewall and IP allowlists.
- Disable or tightly restrict external/public access to the ScreenConnect admin interfaces.
- Enforce network segmentation and least privilege for management components.
- After patching, verify the update to ensure the version is 23.9.8 or newer and that the remediation is in place.
- Monitor security logs and alerts for indicators of exploitation or anomalous authentication attempts; search for new admin accounts, unusual login times, or configuration changes.
- Consider additional hardening steps (if not already in place): implement MFA where supported, rotate credentials, and ensure regular backups and an incident response plan.
- Review vendor advisories and CVE-specific guidance to validate any environment-specific mitigations.
References
- ConnectWise Security Bulletin: ConnectWise ScreenConnect 23.9.8
- Huntress: Vulnerability reproduced immediately; patch ScreenConnect 23.9.8
- Huntress: Detection guidance for ConnectWise CWE-288-2
- Bleeping Computer: ConnectWise urges admins to patch critical RCE flaw
- GitHub: watchtowrlabs connectwise-screenconnect_auth-bypass-add-user-poc
- GitHub: Metasploit Framework PR #18870
- Horizon3 AI: Red team deep dive on connectwise-screenconnect-auth-bypass
- TechCrunch: Researchers warn high-risk ConnectWise flaw under attack
- SecurityWeek: ConnectWise confirms ScreenConnect flaw under active exploitation
- Huntress: A catastrophe for control—understanding the ScreenConnect authentication bypass
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Health Care & Social AssistanceHealth Care & Social Assistance: Medium
- ManufacturingManufacturing: Low
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services: Low
- Educational ServicesEducational Services: Low
- Other Services (except Public Administration)Other Services (except Public Administration): Low
- Public AdministrationPublic Administration: Low
- Retail TradeRetail Trade: Low
- Arts, Entertainment & RecreationArts, Entertainment & Recreation: Low
- Transportation & WarehousingTransportation & Warehousing: Low
- Accommodation & Food ServicesAccommodation & Food Services: Low
- ConstructionConstruction: Low
- Finance and InsuranceFinance and Insurance: Low
- InformationInformation: Low
- Management of Companies & EnterprisesManagement of Companies & Enterprises: Low
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services: Low
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting: Low
- MiningMining: Low
- Real Estate Rental & LeasingReal Estate Rental & Leasing: Low
- UtilitiesUtilities: Low
- Wholesale TradeWholesale Trade: Low
