ClickySkip to main content
Need help with a cyber incident now?
Call 24/7: +31 88-2747800

ConnectWise ScreenConnect vulnerability

By 22 February 2024 CERT, SOC, Vulnerability

This live blog contains information regarding a Connectwise vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Last updated on February 22, 2024.

ConnectWise has addressed vulnerabilities in ScreenConnect. ScreenConnect is remote support software that provides remote access to internal systems.
An unauthorized attacker could exploit these vulnerabilities to create a new administrator account and/or execute remote code.

Background

The National Cyber Security Centre (NCSC) has classified this vulnerability as ‘High/High’. The Cybersecurity and Infrastructure Security Agency (CISA) has classified the vulnerabilities with a score of 8.4 under CVE-2024-1708 and 10.0 under CVE-2024-1709. This indicates a high risk of abuse and significant impact.

Potential Risk

The vulnerabilities affect ScreenConnect versions up to and including 23.9.7. The most critical of these vulnerabilities allows an attacker to create a new administrator account and execute arbitrary code. With public available exploits, it becomes even easier for malicious actors to carry out attacks.

Advise

For users of the on-premise version of ScreenConnect, it is strongly advised to upgrade to version 23.9.8 as soon as possible. Detailed instructions for the upgrade process can be found in the following guide:
https://docs.connectwise.com/ConnectWise_ScreenConnect_Documentation/On-premises/Get_started_with_ConnectWise_ScreenConnect_On-Premise/Upgrade_an_on-premises_installation

To limit the risk of unauthorized modifications within ScreenConnect it is recommended, if possible, to perform a clean installation of ScreenConnect.
This can be done via the following link: https://screenconnect.connectwise.com/download

Users of the cloud version do not need to take any action.

Subscribe

Do you want to be informed in time? Sign up for our technical updates

Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.

Tesorion uses your personal data to send out requested information and possibly for contact by telephone and for marketing and sales purposes. You can change your preferences whenever you want. Read our privacy policy for more information.