DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect
| Our reference | DIVD-2024-00008 |
| Case lead | Stan Plasmeijer |
| Researcher(s) | |
| CVE(s) | |
| Products |
|
| Versions |
|
| Recommendation | ConnectWise recommends partners to update their ScreenConnect to version 23.9.8. |
| Patch status | Released |
| Status | Closed |
| Last modified | 03 Jun 2024 14:13 |
Summary
A critical security issue was recently identified in ConnectWise ScreenConnect. If abused, the flaw may enable an unauthenticated attacker to bypass the authentication and execute remote code or directly impact confidential data or critical systems.
Recommendations
ConnectWise recommends partners to update their ScreenConnect to version 23.9.8. ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommend that partners update to ScreenConnect version 23.9.8.
What we are doing
DIVD is currently working to identify vulnerable instances and notify the owners of these systems.
Timeline
| Date | Description |
|---|---|
| 21 Feb 2024 | DIVD starts researching this vulnerability. |
| 21 Feb 2024 | DIVD found a fingerprint method |
| 21 Feb 2024 | DIVD starts scanning the internet for vulnerable instances. |
| 21 Feb 2024 | DIVD starts notifying network owners with a vulnerable instance in their network. |
| 07 May 2024 | DIVD rescans the internet for vulnerable instances |
| 07 May 2024 | DIVD starts notifying network owners with a vulnerable instance for the second time |
| 01 Jun 2024 | DIVD rescans the internet for vulnerable instances |
| 01 Jun 2024 | DIVD starts notifying network owners with a vulnerable instance for the third time |
| 01 Jun 2024 | Case closed |
gantt
title DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect (101 days) :2024-02-21, 2024-06-01
section Events
DIVD starts researching this vulnerability. : milestone, 2024-02-21, 0d
DIVD found a fingerprint method : milestone, 2024-02-21, 0d
DIVD starts scanning the internet for vulnerable instances. : milestone, 2024-02-21, 0d
DIVD starts notifying network owners with a vulnerable instance in their network. : milestone, 2024-02-21, 0d
DIVD rescans the internet for vulnerable instances : milestone, 2024-05-07, 0d
DIVD starts notifying network owners with a vulnerable instance for the second time : milestone, 2024-05-07, 0d
DIVD rescans the internet for vulnerable instances : milestone, 2024-06-01, 0d
DIVD starts notifying network owners with a vulnerable instance for the third time : milestone, 2024-06-01, 0d
Case closed : milestone, 2024-06-01, 0d
More information
- ConnectWise ScreenConnect 23.9.8 security fix
- Detection Guidance for ConnectWise CVE-2024-1709
- CVE-2024-1708
- CVE-2024-1709