ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Weakness
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Screenconnect | Connectwise | * | 23.9.8 (excluding) |
Potential Mitigations
Related Attack Patterns
References
- https://github.com/rapid7/metasploit-framework/pull/18870
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
- https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
- https://github.com/rapid7/metasploit-framework/pull/18870
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
- https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709