CVE-2024-1709 - ConnectWise ScreenConnect Authentication Bypass Vulnerability
Project:ConnectWise
Product:ScreenConnect
Date Added:2024-02-22Due Date:2024-02-29
Vulnerability Name
ConnectWise ScreenConnect Authentication Bypass Vulnerability
Description
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
https://nvd.nist.gov/vuln/detail/CVE-2024-1709
Related News Articles
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEVApril 29, 2026
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa RansomwareApril 7, 2026
Microsoft links Medusa ransomware affiliate to zero-day attacksApril 7, 2026
CISA orders feds to patch VMware Tools flaw exploited by Chinese hackersOctober 31, 2025
Chinese hackers exploiting VMware zero-day since October 2024September 30, 2025