Detections
Analytics

CVE-2024-1709

critical

Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

References

https://securelist.com/vulnerability-exploit-report-q2-2024/113455/

https://arstechnica.com/security/2024/05/black-basta-ransomware-group-is-imperiling-critical-infrastructure-groups-warn/

https://www.cisa.gov/sites/default/files/2024-05/aa24-131a-joint-csa-stopransomware-black-basta_1.pdf

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

https://securelist.com/vulnerability-report-q1-2024/112554/

https://veriti.ai/blog/vulnerable-villain-when-hackers-get-hacked/

https://thehackernews.com/2024/03/china-linked-group-breaches-networks.html

https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect

https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/

https://securityaffairs.com/159640/cyber-crime/black-basta-bl00dy-ransomware-connectwise-screenconnect.html

https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html

https://www.securityweek.com/slashandgrab-screenconnect-vulnerability-widely-exploited-for-malware-delivery/

https://www.mandiant.com/resources/blog/connectwise-screenconnect-hardening-remediation

https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/

https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/

https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8

https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2

https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/

https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/

https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc

https://github.com/rapid7/metasploit-framework/pull/18870

Details

Source: Mitre, NVD

Published: 2024-02-21

Updated: 2024-02-23

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 10

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Severity: Critical