ConnectWise ScreenConnect vulnerability

The National Cyber Security Centre (NCSC) has classified this vulnerability as ‘High/High’. The Cybersecurity and Infrastructure Security Agency (CISA) has classified the vulnerabilities with a score of 8.4 under CVE-2024-1708 and 10.0 under CVE-2024-1709. This indicates a high risk of abuse and significant impact.

The vulnerabilities affect ScreenConnect versions up to and including 23.9.7. The most critical of these vulnerabilities allows an attacker to create a new administrator account and execute arbitrary code. With public available exploits, it becomes even easier for malicious actors to carry out attacks.

For users of the on-premise version of ScreenConnect, it is strongly advised to upgrade to version 23.9.8 as soon as possible. Detailed instructions for the upgrade process can be found in the following guide:
https://docs.connectwise.com/ConnectWise_ScreenConnect_Documentation/On-premises/Get_started_with_ConnectWise_ScreenConnect_On-Premise/Upgrade_an_on-premises_installation

To limit the risk of unauthorized modifications within ScreenConnect it is recommended, if possible, to perform a clean installation of ScreenConnect.
This can be done via the following link: https://screenconnect.connectwise.com/download

Users of the cloud version do not need to take any action.

More information:

• Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708 | Huntress Blog
• https://www.ncsc.nl/actueel/advisory?id=NCSC-2024-0081