Authentication Bypass Using Alternate Path or Channel Vulnerability Affects ConnectWise ScreenConnect 23.9.7 and Prior

CVE-2024-1709

10 CRITICAL

Key Information

Status
Screenconnect
Vendor
CVE Published: 21 February 2024

Badges

📈 Trended | 📈 Score: 12,300 | 💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 94% | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2024-1709?

CVE-2024-1709 is a critical vulnerability affecting ConnectWise ScreenConnect versions 23.9.7 and earlier. This software, designed for remote support and access, allows technicians to remotely control client computers and troubleshoot issues effectively. However, the identified vulnerability presents a serious risk to organizations, as it enables an attacker to bypass authentication mechanisms. This weakness can lead to unauthorized access to confidential information and critical systems, severely compromising organizational security and data integrity.

Technical Details

The vulnerability is categorized as an "Authentication Bypass Using Alternate Path or Channel." It exploits flaws in the authentication process, allowing unauthorized users to gain access without proper credentials. Specifically, attackers can manipulate underlying authentication workflows to bypass safeguards that typically protect sensitive operations. As a result, attackers can use this flaw to perform unauthorized actions within the connected systems, further complicating incident response efforts.

Impact of the Vulnerability

  1. Unauthorized Access: The primary impact of CVE-2024-1709 is unauthorized access to sensitive systems and data. Attackers can leverage this vulnerability to gain control over functionalities that should be restricted, leading to data breaches and compromised confidentiality.

  2. Critical System Compromise: Beyond just access to sensitive data, the vulnerability can allow attackers to compromise critical systems remotely. This could result in manipulation of system operations, data theft, or system integrity issues, posing significant risks to business continuity.

  3. Increased Attack Surface: As this vulnerability could be exploited by various threat actors, including cybercriminals, the existence of CVE-2024-1709 increases the overall attack surface. Organizations face a heightened risk of malware proliferation, data exfiltration, or utilization as an entry point for more sophisticated attacks, including potential ransomware deployment.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-1709 as being exploited; CISA also lists it as known to enable ransomware campaigns.

CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

ScreenConnect <= 23.9.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

ConnectWise recently reported two vulnerabilities in its ScreenConnect product, allowing threat actors to bypass authentication and execute remote code.

8 months ago

Chinese government hacker exploiting ScreenConnect, F5 bugs to attack defense and government entities

A hacker allegedly connected to the People's Republic of China (PRC) has been exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities and institutions in Asia.

9 months ago

Widespread Exploitation of ConnectWise ScreenConnect Server Vulnerabilities

On February 19, 2024, ConnectWise released a security bulletin detailing the following two vulnerabilities in the self-hosted ScreenConnect server. Both vulnerabilities were reported to ConnectWise on...

10 months ago

EPSS Score

94% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 🟡 Public PoC available

  • 📈 Vulnerability started trending

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • 📰 First article discovered by SC Media

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database | Mitre Database | CISA Database | 3 Proof of Concept(s) | 16 News Article(s)