Vulnerability Reproduced: Immediately Patch ScreenConnect 23.9.8


UPDATE: Read our full analysis of CVE-2024-1709 & CVE-2024-1708 and detection guidance here.

UPDATE: We have proactively deployed a temporary hotfix to over 1000 vulnerable systems managed by Huntress. It remains crucial that people update to the latest official version as soon as possible. During research and creation of a proof-of-concept exploit to validate the vulnerability, Huntress identified a way to temporarily hotfix vulnerable systems while administrators work to patch them.

UPDATE: Detection guidance from Huntress has been issued.

Huntress security researchers successfully created and validated a proof-of-concept exploit for the vulnerabilities referenced in the February 19 ConnectWise ScreenConnect advisory:

  1. CWE-288 “Authentication bypass using an alternate path or channel,” base score of 10, and
  2. CWE-22 “Improper limitation of a pathname to a restricted directory (‘path traversal’),” base score of 8.4

The ConnectWise article rates the severity as “critical—vulnerabilities that could allow the ability to execute remote code or directly impact confidential data or critical systems.”

Huntress is in complete agreement with this assessment. ConnectWise states it has no knowledge of any in-the-wild exploitation, and for this reason we will not yet share any further details on this threat.

As of 07:00 AM EST, over 8,800 servers are shown as running a vulnerable version on the Censys.io platform.

For Cloud users of ScreenConnect, no action is required on your part—cloud instances have been automatically updated to the latest secure version.

For on-premise users, we offer our strongest recommendation to patch and update to ScreenConnect version 23.9.8 immediately.

We encourage customers and partners to reach out if they need assistance. If you are not currently using Huntress EDR, sign up for a free trial, and Huntress will monitor for any related activity.
