Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect (v23.9.10.8817), which contains the fixes for the two flaws and other non-security fixes but – more crucially – customers no longer under maintenance can upgrade to it to protect themselves against exploitation. Confirmed exploitation, PoC available ConnectWise shared … More →

The post …

attackers authentication authentication bypass bypass connectwise customers cve cve-2024-1708 cve-2024-1709 don't miss exploit exploiting fixes flaw flaws hot stuff huntress msp numbers palo alto networks patch path path traversal poc remote access remote management screenconnect shadowserver version vulnerabilities vulnerability watchtowr