all InfoSec news
Remediation and Hardening Guide for ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)
Malware Analysis, News and Indicators - Latest topics malware.news
On Feb. 19, 2024, ConnectWise announced two vulnerabilities for their ScreenConnect product affecting (on-premises) versions 23.9.7 and earlier:
- CVE-2024-1708 – Authentication Bypass Vulnerability (10.0)
- CVE-2024-1709 – Path Traversal Vulnerability (8.4)
These vulnerabilities allow an unauthenticated actor to bypass authentication, and access ScreenConnect environments that may be behind a corporate firewall.
ConnectWise released an updated version of the ScreenConnect product (23.9.8+) that mitigates the vulnerabilities. ConnectWise has removed license restrictions so ScreenConnect consumers who
Article Link: Remediation and Hardening Guide for …
access actor authentication authentication bypass bypass bypass vulnerability connectwise connectwise screenconnect corporate cve cve-2024-1708 cve-2024-1709 environments guide hardening may path path traversal path traversal vulnerability product remediation screenconnect unauthenticated vulnerabilities vulnerability