logo

CVE-2024-1709 - ConnectWise ScreenConnect Authentication Bypass Vulnerability

CVE-2024-1709

ConnectWise | ScreenConnect

  • Date Added:
  • 2024-02-22
  • Due Date:
  • 2024-02-29
Vulnerability Name

ConnectWise ScreenConnect Authentication Bypass Vulnerability

Description

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8; https://nvd.nist.gov/vuln/detail/CVE-2024-1709

Free security scan for your website