CVE-2024-1709:CVE-2024-1709 is a critical authentication bypass vulnerability in ConnectWise ScreenConnect versions 23.9.7 and prior, allowing attackers to gain unauthorized access to confidential information and critical systems.

splash
Back

Description Preview

ConnectWise ScreenConnect versions 23.9.7 and earlier are affected by an authentication bypass vulnerability that utilizes an alternate path or channel. This flaw may enable an attacker to bypass authentication mechanisms, potentially granting them direct access to sensitive information and critical systems without requiring valid credentials. The vulnerability has a CVSS score of 10, indicating a critical severity level, with high impacts on confidentiality, integrity, and availability. The issue is characterized by low attack complexity and does not require any user interaction, making it particularly dangerous.

Overview

  • CVE ID: CVE-2024-1709
  • Vendor: ConnectWise
  • Product: ScreenConnect
  • Affected Versions: 23.9.7 and prior
  • Status: Active exploitation reported
  • CVSS Score: 10 (Critical)
  • Impact: High confidentiality, integrity, and availability impact
  • Attack Vector: Network
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed

Remediation

To mitigate the risks associated with CVE-2024-1709, users of ConnectWise ScreenConnect should upgrade to version 23.9.8 or later, where the vulnerability has been addressed. It is crucial for administrators to apply this patch immediately to protect their systems from potential exploitation. Regularly monitoring for updates and applying security patches promptly is recommended to maintain system security.

References

  1. ConnectWise Security Bulletin on ScreenConnect
  2. Huntress Blog on Vulnerability Reproduction
  3. Huntress Detection Guidance for CWE-288
  4. Bleeping Computer News on ConnectWise Flaw
  5. GitHub PoC for ConnectWise Authentication Bypass
  6. Metasploit Framework Pull Request
  7. Horizon3.ai Research on ConnectWise
  8. TechCrunch Article on ConnectWise Flaw
  9. SecurityWeek Confirmation of Active Exploitation
  10. Huntress Blog on Understanding the Authentication Bypass

Early Warning

Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.

Armis Alert Date
Feb 21, 2024
CISA KEV Date
Feb 22, 2024
1day early

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  2. Manufacturing: Low
    Manufacturing
  3. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  4. Educational Services: Low
    Educational Services
  5. Public Administration: Low
    Public Administration
  6. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  7. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  8. Retail Trade: Low
    Retail Trade
  9. Accommodation & Food Services: Low
    Accommodation & Food Services
  10. Construction: Low
    Construction
  11. Finance and Insurance: Low
    Finance and Insurance
  12. Information: Low
    Information
  13. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  14. Transportation & Warehousing: Low
    Transportation & Warehousing
  15. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  16. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  17. Mining: Low
    Mining
  18. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background