A critical ConnectWise ScreenConnect vulnerability that puts thousands of servers at risk of takeover is actively being exploited in the wild, ConnectWise said Tuesday.ConnectWise released a security fix for ScreenConnect 23.9.7 on Monday, disclosing two vulnerabilities, including a critical bug with a maximum CVSS score of 10. The security bulletin was later updated with three IP addresses known to be targeting the flaw. This critical flaw, tracked as CVE-2024-1709, makes it “trivial and embarrassingly easy” to achieve authentication bypass and gain administrative access to a ScreenConnect instance, according to researchers at Huntress. The second bug, tracked as CVE-2024-1708, is a path traversal vulnerability that could allow a malicious ScreenConnect extension to achieve remote code execution (RCE) outside of its intended subdirectory.However, the Huntress researchers noted that exploitation of CVE-2024-1709 alone is sufficient to enable RCE.Managers of on-premises ConnectWise ScreenConnect instances should immediately upgrade to version 23.9.8 to prevent server compromise. Cloud instances have already been patched, according to ConnectWise.
Supply chain, Ransomware, Vulnerability Management
ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns

An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



