CVE-2024-1709: ConnectWise ScreenConnect Authentication Bypass Vulnerability

CVE ID

CVE-2024-1709

Vulnerability Name

ConnectWise ScreenConnect Authentication Bypass Vulnerability

• Project: ConnectWise
• Product: ScreenConnect

Date

• Date Added: 2024-02-22
• Due Date: 2024-02-29

Description

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8; https://nvd.nist.gov/vuln/detail/CVE-2024-1709

Related Security News

• Chinese hackers exploiting VMware zero-day since October 2024
• ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
• ConnectWise breached in cyberattack linked to nation-state hackers
• BadPilot network hacking campaign fuels Russian SandWorm attacks
• Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally
• Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List