CVE-2024-1708 Report - Details, Severity, & Advisories
Twingate Team
•
Mar 25, 2024
CVE-2024-1708 is a high-severity vulnerability affecting ConnectWise ScreenConnect 23.9.7 and prior versions. This path-traversal vulnerability could potentially allow an attacker to execute remote code or directly impact confidential data or critical systems. While specific types of systems affected are not detailed, it can be inferred that systems using ConnectWise ScreenConnect software are at risk.
How do I know if I'm affected?
If you're using ConnectWise ScreenConnect software, you might be affected by the vulnerability. This issue impacts versions 23.9.7 and earlier. To determine if you're at risk, check your ScreenConnect version and ensure it's updated to at least version 23.9.8. Keep in mind that this vulnerability could allow an attacker to execute remote code or access confidential data on your system.
What should I do if I'm affected?
If you're affected by the vulnerability, immediately update your ScreenConnect software to version 23.9.8 or later. For cloud partners, no further action is needed as the issue has been fixed. For on-prem partners, upgrade to the latest version and follow any necessary steps to re-add your license key.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, CVE-2024-1708 is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability was added to the catalog on February 21, 2024. No specific due date or required action is provided, but users are advised to refer to vendor advisories and resources for potential solutions and mitigation strategies.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-22, which describes it as a path traversal issue that could allow unauthorized access and code execution. It affects ScreenConnect 23.9.7 and earlier versions.
For more details
CVE-2024-1708 is a high-severity vulnerability affecting ConnectWise ScreenConnect software. After analyzing various sources, including the National Vulnerability Database and ConnectWise's security bulletin, it's clear that users should update their software to mitigate the risk. For more information about the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2024-1708 Report - Details, Severity, & Advisories
Twingate Team
•
Mar 25, 2024
CVE-2024-1708 is a high-severity vulnerability affecting ConnectWise ScreenConnect 23.9.7 and prior versions. This path-traversal vulnerability could potentially allow an attacker to execute remote code or directly impact confidential data or critical systems. While specific types of systems affected are not detailed, it can be inferred that systems using ConnectWise ScreenConnect software are at risk.
How do I know if I'm affected?
If you're using ConnectWise ScreenConnect software, you might be affected by the vulnerability. This issue impacts versions 23.9.7 and earlier. To determine if you're at risk, check your ScreenConnect version and ensure it's updated to at least version 23.9.8. Keep in mind that this vulnerability could allow an attacker to execute remote code or access confidential data on your system.
What should I do if I'm affected?
If you're affected by the vulnerability, immediately update your ScreenConnect software to version 23.9.8 or later. For cloud partners, no further action is needed as the issue has been fixed. For on-prem partners, upgrade to the latest version and follow any necessary steps to re-add your license key.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, CVE-2024-1708 is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability was added to the catalog on February 21, 2024. No specific due date or required action is provided, but users are advised to refer to vendor advisories and resources for potential solutions and mitigation strategies.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-22, which describes it as a path traversal issue that could allow unauthorized access and code execution. It affects ScreenConnect 23.9.7 and earlier versions.
For more details
CVE-2024-1708 is a high-severity vulnerability affecting ConnectWise ScreenConnect software. After analyzing various sources, including the National Vulnerability Database and ConnectWise's security bulletin, it's clear that users should update their software to mitigate the risk. For more information about the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2024-1708 Report - Details, Severity, & Advisories
Twingate Team
•
Mar 25, 2024
CVE-2024-1708 is a high-severity vulnerability affecting ConnectWise ScreenConnect 23.9.7 and prior versions. This path-traversal vulnerability could potentially allow an attacker to execute remote code or directly impact confidential data or critical systems. While specific types of systems affected are not detailed, it can be inferred that systems using ConnectWise ScreenConnect software are at risk.
How do I know if I'm affected?
If you're using ConnectWise ScreenConnect software, you might be affected by the vulnerability. This issue impacts versions 23.9.7 and earlier. To determine if you're at risk, check your ScreenConnect version and ensure it's updated to at least version 23.9.8. Keep in mind that this vulnerability could allow an attacker to execute remote code or access confidential data on your system.
What should I do if I'm affected?
If you're affected by the vulnerability, immediately update your ScreenConnect software to version 23.9.8 or later. For cloud partners, no further action is needed as the issue has been fixed. For on-prem partners, upgrade to the latest version and follow any necessary steps to re-add your license key.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, CVE-2024-1708 is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability was added to the catalog on February 21, 2024. No specific due date or required action is provided, but users are advised to refer to vendor advisories and resources for potential solutions and mitigation strategies.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-22, which describes it as a path traversal issue that could allow unauthorized access and code execution. It affects ScreenConnect 23.9.7 and earlier versions.
For more details
CVE-2024-1708 is a high-severity vulnerability affecting ConnectWise ScreenConnect software. After analyzing various sources, including the National Vulnerability Database and ConnectWise's security bulletin, it's clear that users should update their software to mitigate the risk. For more information about the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.