← Back to CVEs
CVE-2024-1709
CRITICALCISA KEV10.0
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
CVE Details
CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published2/21/2024
Last Modified2/26/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorConnectWise
ProductScreenConnect
Vulnerability NameConnectWise ScreenConnect Authentication Bypass Vulnerability
KEV Date Added2024-02-22
Remediation Due Date2024-02-29
Ransomware UseKnown
Affected Products
connectwise:screenconnect
Weaknesses (CWE)
CWE-288
References
https://github.com/rapid7/metasploit-framework/pull/18870(9119a7d8-5eab-497f-8521-727c672e3725)
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc(9119a7d8-5eab-497f-8521-727c672e3725)
https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/(9119a7d8-5eab-497f-8521-727c672e3725)
https://github.com/rapid7/metasploit-framework/pull/18870(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc(af854a3a-2127-422b-91ae-364da2661108)
https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/(af854a3a-2127-422b-91ae-364da2661108)
https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/(af854a3a-2127-422b-91ae-364da2661108)
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8(af854a3a-2127-422b-91ae-364da2661108)
https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/(af854a3a-2127-422b-91ae-364da2661108)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(af854a3a-2127-422b-91ae-364da2661108)
https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2(af854a3a-2127-422b-91ae-364da2661108)
https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8(af854a3a-2127-422b-91ae-364da2661108)
https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.