CVE-2024-1709

nvd nist nuclei

Published: Feb 21, 2024Modified: Feb 26, 2026CISA KEV

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

Affected (1)

Products: Connectwise: Screenconnect

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Connectwise Screenconnect	Before 23.9.8

Related CWEs

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (21)

https://github.com/rapid7/metasploit-framework/pull/18870

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Issue TrackingPatchThird Party Advisory

https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc

Source: 9119a7d8-5eab-497f-8521-727c672e3725

ExploitThird Party Advisory

https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Press/Media CoverageThird Party Advisory

https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Press/Media CoverageThird Party Advisory

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Vendor Advisory

https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Third Party Advisory

https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Source: 9119a7d8-5eab-497f-8521-727c672e3725

ExploitThird Party Advisory

https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2

Source: 9119a7d8-5eab-497f-8521-727c672e3725

ExploitThird Party Advisory

https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Third Party Advisory

https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Press/Media CoverageThird Party Advisory

https://github.com/rapid7/metasploit-framework/pull/18870

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media CoverageThird Party Advisory

https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media CoverageThird Party Advisory

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media CoverageThird Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.