Kwetsbaarheid

ConnectWise ScreenConnect vulnerability

This live blog contains information regarding a Connectwise vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Clip path group@2x

T-Update

Informatie over kwetsbaarheden

Deze liveblog beThis live blog contains information regarding a Connectwise vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Last updated on February 22, 2024.

ConnectWise has addressed vulnerabilities in ScreenConnect. ScreenConnect is remote support software that provides remote access to internal systems.
An unauthorized attacker could exploit these vulnerabilities to create a new administrator account and/or execute remote code.

vat informatie over de ConnectWise ScreenConnect kwetsbaarheid. Zodra we een update hebben voegen we die aan deze blog toe. Meer informatie over mogelijke risico’s en details worden onderaan deze blog geplaatst.

Laatste update op 22 februari 2024

ConnectWise heeft kwetsbaarheden verholpen in ScreenConnect. ScreenConnect is remote support software die op afstand toegang biedt tot interne systemen. Een ongeautoriseerde aanvaller kan deze kwetsbaarheden benutten om een nieuw administratoraccount aan te maken en/of externe uitvoering van code te initiëren, met alle risico’s van dien.

Cyberveiligheid op maat

Achtergrond

The National Cyber Security Centre (NCSC) has classified this vulnerability as ‘High/High’. The Cybersecurity and Infrastructure Security Agency (CISA) has classified the vulnerabilities with a score of 8.4 under CVE-2024-1708 and 10.0 under CVE-2024-1709. This indicates a high risk of abuse and significant impact.

Risico

The vulnerabilities affect ScreenConnect versions up to and including 23.9.7. The most critical of these vulnerabilities allows an attacker to create a new administrator account and execute arbitrary code. With public available exploits, it becomes even easier for malicious actors to carry out attacks.

Advies

For users of the on-premise version of ScreenConnect, it is strongly advised to upgrade to version 23.9.8 as soon as possible. Detailed instructions for the upgrade process can be found in the following guide:https://docs.connectwise.com/ConnectWise_ScreenConnect_Documentation/On-premises/Get_started_with_ConnectWise_ScreenConnect_On-Premise/Upgrade_an_on-premises_installation
To limit the risk of unauthorized modifications within ScreenConnect it is recommended, if possible, to perform a clean installation of ScreenConnect.This can be done via the following link: https://screenconnect.connectwise.com/download
Users of the cloud version do not need to take any action.

Bronnen

More information:

Ellipse 6

Schrijf je in voor T-Updates

Ontvang elke woensdag het laatste nieuws over malware of kwetsbaarheden in je mail

More than 1,000 organizations have already joined us.

Tesorion uses your data to send the requested information. In addition, your data may be used for commercial follow-up. You can unsubscribe from this at any time via the link in the email. For more information, read our privacy policy.

Opt-in-EN
Ellipse 6