ScreenConnect Vulnerable to Path-Traversal Attacks

CVE-2024-1708

8.4HIGH

Key Information

Vendor
Connectwise
Status
Screenconnect
Vendor
CVE Published:
21 February 2024

Badges

πŸ₯‡ Trended No. 1πŸ“ˆ TrendedπŸ“ˆ Score: 15,000πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

What is CVE-2024-1708?

CVE-2024-1708 is a vulnerability identified in ConnectWise ScreenConnect, a remote support software that enables technicians to remotely access and troubleshoot devices. This vulnerability is a path-traversal flaw found in versions 23.9.7 and earlier, allowing attackers to manipulate file paths. As a result, unauthorized access to sensitive files can occur, which may lead to severe repercussions for organizations relying on this software for remote support and management services.

Technical Details

The path-traversal vulnerability in ConnectWise ScreenConnect allows an attacker to exploit the way file paths are handled by the software. By crafting specific requests, an attacker can navigate the file system of the affected system, potentially accessing sensitive files and executing arbitrary code. This flaw arises from insufficient validation of user input, resulting in improper restriction on file access.

Impact of the Vulnerability

  1. Remote Code Execution: The vulnerability may enable attackers to execute arbitrary code on affected systems, leading to complete control over those systems and allowing for further malicious activities.

  2. Data Compromise: Attackers could gain access to confidential data stored on the system, putting sensitive information at risk, which could result in data breaches impacting the organization and its clients.

  3. Disruption of Services: The exploitation of this vulnerability can lead to service disruptions, as compromised systems may need to be taken offline for remediation, impacting normal business operations and customer support functions.

Affected Version(s)

ScreenConnect <= 23.9.7

News Articles

favicon imageSecurity Intelligence

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

ConnectWise recently reported two vulnerabilities in its ScreenConnect product, allowing threat actors to bypass authentication and execute remote code.

8 months ago

favicon imageBleepingComputer

CISA urges software devs to weed out path traversal vulnerabilities

​CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping.

8 months ago

favicon imagewww.secureworks.com

Widespread Exploitation of ConnectWise ScreenConnect Server Vulnerabilities

On February 19, 2024, ConnectWise released a security bulletin detailing the following two vulnerabilities in the self-hosted ScreenConnect server. Both vulnerabilities were reported to ConnectWise on...

10 months ago

References

https://www.connectwise.com/company/trust/security-bullet...
https://www.huntress.com/blog/a-catastrophe-for-control-u...

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ₯‡

    Vulnerability reached the number 1 worldwide trending spot

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ“°

    First article discovered by Unit 42

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database11 News Article(s)
.