DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect
Our reference | DIVD-2024-00008 |
Case lead | Stan Plasmeijer |
Researcher(s) | |
CVE(s) | |
Products |
|
Versions |
|
Recommendation | ConnectWise recommends partners to update their ScreenConnect to version 23.9.8. |
Patch status | Released |
Status | Open |
Last modified | 10 Apr 2024 21:52 |
Summary
A critical security issue was recently identified in ConnectWise ScreenConnect. If abused, the flaw may enable an unauthenticated attacker to bypass the authentication and execute remote code or directly impact confidential data or critical systems.
Recommendations
ConnectWise recommends partners to update their ScreenConnect to version 23.9.8. ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommend that partners update to ScreenConnect version 23.9.8.
What we are doing
DIVD is currently working to identify vulnerable instances and notify the owners of these systems.
Timeline
Date | Description |
---|---|
21 Feb 2024 | DIVD starts researching this vulnerability. |
21 Feb 2024 | DIVD found a fingerprint method |
21 Feb 2024 | DIVD starts scanning the internet for vulnerable instances. |
21 Feb 2024 | DIVD starts notifying network owners with a vulnerable instance in their network. |
gantt
title DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect (still open) :2024-02-21, 2024-05-02
section Events
DIVD starts researching this vulnerability. : milestone, 2024-02-21, 0d
DIVD found a fingerprint method : milestone, 2024-02-21, 0d
DIVD starts scanning the internet for vulnerable instances. : milestone, 2024-02-21, 0d
DIVD starts notifying network owners with a vulnerable instance in their network. : milestone, 2024-02-21, 0d
More information
- ConnectWise ScreenConnect 23.9.8 security fix
- Detection Guidance for ConnectWise CVE-2024-1709
- CVE-2024-1708
- CVE-2024-1709