DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect

Our reference DIVD-2024-00008
Case lead Stan Plasmeijer
Researcher(s)
CVE(s)
Products
  • ConnectWise ScreenConnect
Versions
  • ScreenConnect 23.9.7 and prior.
Recommendation ConnectWise recommends partners to update their ScreenConnect to version 23.9.8.
Patch status Released
Status Open
Last modified 10 Apr 2024 21:52

Summary

A critical security issue was recently identified in ConnectWise ScreenConnect. If abused, the flaw may enable an unauthenticated attacker to bypass the authentication and execute remote code or directly impact confidential data or critical systems.

Recommendations

ConnectWise recommends partners to update their ScreenConnect to version 23.9.8. ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommend that partners update to ScreenConnect version 23.9.8.

What we are doing

DIVD is currently working to identify vulnerable instances and notify the owners of these systems.

Timeline

Date Description
21 Feb 2024 DIVD starts researching this vulnerability.
21 Feb 2024 DIVD found a fingerprint method
21 Feb 2024 DIVD starts scanning the internet for vulnerable instances.
21 Feb 2024 DIVD starts notifying network owners with a vulnerable instance in their network.
gantt title DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect (still open) :2024-02-21, 2024-05-02 section Events DIVD starts researching this vulnerability. : milestone, 2024-02-21, 0d DIVD found a fingerprint method : milestone, 2024-02-21, 0d DIVD starts scanning the internet for vulnerable instances. : milestone, 2024-02-21, 0d DIVD starts notifying network owners with a vulnerable instance in their network. : milestone, 2024-02-21, 0d

More information