/

CVE-2024-1709 Report - Details, Severity, & Advisories...

CVE-2024-1709 Report - Details, Severity, & Advisories

Twingate Team

Mar 25, 2024

CVE-2024-1709 is a critical security vulnerability affecting ConnectWise ScreenConnect 23.9.7 and prior versions. With a severity rating of 10.0, this authentication bypass vulnerability allows attackers to gain direct access to confidential information and critical systems. Systems running the affected versions of ScreenConnect are at risk, making it crucial for users to update their software to ensure security.

How do I know if I'm affected?

If you're wondering whether your system is affected by the vulnerability, it's important to know that it impacts ConnectWise ScreenConnect versions 23.9.7 and prior. To check if you're affected, you can examine the User.xml file located in C:\\\\Program Files (x86)\\\\ScreenConnect\\\\App\\_Data\\\\ for certain elements that may indicate exploitation. Additionally, you can look for IIS logs for the malicious SetupWizard.aspx URL path, which can serve as an indicator of compromise.

What should I do if I'm affected?

If you're affected by the vulnerability, immediately update your ConnectWise ScreenConnect to version 23.9.8. For cloud users, no action is needed as updates are automatic. On-premise users should patch their systems and monitor for any suspicious activity. Reach out to your security provider for assistance if needed.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2024-1709 is in CISA's Known Exploited Vulnerabilities Catalog. This ConnectWise ScreenConnect Authentication Bypass Vulnerability was added to the catalog on February 22, 2024, with a due date of February 29, 2024. The required action is to apply mitigations as per vendor instructions or discontinue the use of the product if mitigations are unavailable.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-288, which involves an authentication bypass using an alternate path, allowing attackers to access confidential information or critical systems. It affects ConnectWise ScreenConnect 23.9.7 and prior versions.

For more details

CVE-2024-1709 is a critical security vulnerability with severe consequences for affected systems. After analyzing the information provided by the National Vulnerability Database, SecurityWeek, and Huntress, it's clear that immediate action is necessary to mitigate the risks associated with this authentication bypass vulnerability. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the links below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2024-1709 Report - Details, Severity, & Advisories...

CVE-2024-1709 Report - Details, Severity, & Advisories

Twingate Team

Mar 25, 2024

CVE-2024-1709 is a critical security vulnerability affecting ConnectWise ScreenConnect 23.9.7 and prior versions. With a severity rating of 10.0, this authentication bypass vulnerability allows attackers to gain direct access to confidential information and critical systems. Systems running the affected versions of ScreenConnect are at risk, making it crucial for users to update their software to ensure security.

How do I know if I'm affected?

If you're wondering whether your system is affected by the vulnerability, it's important to know that it impacts ConnectWise ScreenConnect versions 23.9.7 and prior. To check if you're affected, you can examine the User.xml file located in C:\\\\Program Files (x86)\\\\ScreenConnect\\\\App\\_Data\\\\ for certain elements that may indicate exploitation. Additionally, you can look for IIS logs for the malicious SetupWizard.aspx URL path, which can serve as an indicator of compromise.

What should I do if I'm affected?

If you're affected by the vulnerability, immediately update your ConnectWise ScreenConnect to version 23.9.8. For cloud users, no action is needed as updates are automatic. On-premise users should patch their systems and monitor for any suspicious activity. Reach out to your security provider for assistance if needed.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2024-1709 is in CISA's Known Exploited Vulnerabilities Catalog. This ConnectWise ScreenConnect Authentication Bypass Vulnerability was added to the catalog on February 22, 2024, with a due date of February 29, 2024. The required action is to apply mitigations as per vendor instructions or discontinue the use of the product if mitigations are unavailable.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-288, which involves an authentication bypass using an alternate path, allowing attackers to access confidential information or critical systems. It affects ConnectWise ScreenConnect 23.9.7 and prior versions.

For more details

CVE-2024-1709 is a critical security vulnerability with severe consequences for affected systems. After analyzing the information provided by the National Vulnerability Database, SecurityWeek, and Huntress, it's clear that immediate action is necessary to mitigate the risks associated with this authentication bypass vulnerability. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the links below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2024-1709 Report - Details, Severity, & Advisories

Twingate Team

Mar 25, 2024

CVE-2024-1709 is a critical security vulnerability affecting ConnectWise ScreenConnect 23.9.7 and prior versions. With a severity rating of 10.0, this authentication bypass vulnerability allows attackers to gain direct access to confidential information and critical systems. Systems running the affected versions of ScreenConnect are at risk, making it crucial for users to update their software to ensure security.

How do I know if I'm affected?

If you're wondering whether your system is affected by the vulnerability, it's important to know that it impacts ConnectWise ScreenConnect versions 23.9.7 and prior. To check if you're affected, you can examine the User.xml file located in C:\\\\Program Files (x86)\\\\ScreenConnect\\\\App\\_Data\\\\ for certain elements that may indicate exploitation. Additionally, you can look for IIS logs for the malicious SetupWizard.aspx URL path, which can serve as an indicator of compromise.

What should I do if I'm affected?

If you're affected by the vulnerability, immediately update your ConnectWise ScreenConnect to version 23.9.8. For cloud users, no action is needed as updates are automatic. On-premise users should patch their systems and monitor for any suspicious activity. Reach out to your security provider for assistance if needed.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2024-1709 is in CISA's Known Exploited Vulnerabilities Catalog. This ConnectWise ScreenConnect Authentication Bypass Vulnerability was added to the catalog on February 22, 2024, with a due date of February 29, 2024. The required action is to apply mitigations as per vendor instructions or discontinue the use of the product if mitigations are unavailable.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-288, which involves an authentication bypass using an alternate path, allowing attackers to access confidential information or critical systems. It affects ConnectWise ScreenConnect 23.9.7 and prior versions.

For more details

CVE-2024-1709 is a critical security vulnerability with severe consequences for affected systems. After analyzing the information provided by the National Vulnerability Database, SecurityWeek, and Huntress, it's clear that immediate action is necessary to mitigate the risks associated with this authentication bypass vulnerability. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the links below.