VDB
GSD-2024-1709
GSD-2024-1709
PUBLISHED
CVSS 10 CRITICAL
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Risk Scores
CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| connectwise | screenconnect | 0 |
| ConnectWise | ScreenConnect | 0 |
Timeline
- Feb 21, 2024 PoC Published
- Feb 21, 2024 CVE Published
- Feb 22, 2024 PoC Published
- Feb 22, 2024 PoC Published
- Feb 23, 2024 PoC Published
- Feb 23, 2024 PoC Published
- Feb 28, 2024 PoC Published
- Jul 17, 2024 PoC Published
- Sep 16, 2024 PoC Published
- Oct 28, 2024 PoC Published
- Nov 4, 2024 PoC Published
- Nov 8, 2024 PoC Published
References
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 url
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8 url
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2 url
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/ url
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc url
- https://github.com/rapid7/metasploit-framework/pull/18870 url
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/ url
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/ url
- https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/ url
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709 url