- Description
- ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
- Source
- 9119a7d8-5eab-497f-8521-727c672e3725
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- ConnectWise ScreenConnect Authentication Bypass Vulnerability
- Exploit added on
- Feb 22, 2024
- Exploit action due
- Feb 29, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- 9119a7d8-5eab-497f-8521-727c672e3725
- CWE-288
- nvd@nist.gov
- NVD-CWE-Other
- Hype score
- Not currently trending
CVE-2024-1709 and CVE-2023-48788 are being actively exploited in Russia’s BadPilot campaign, targeting vulnerable systems. More details: https://t.co/OAGZNVVgFK #CyberSecurity #ThreatIntel
@adriananglin
17 Feb 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Threat Actors Still Leveraging Legit RMM Tool ScreenConnect for Persistence in Cyberattacks | 06-02-2025 Source: https://t.co/e4rV2aJMXX Key details below ↓ 💀Threats: Screenconnect_tool, 🔓CVEs: CVE-2024-1709… https://t.co/9I98CwogLd https://t.co
@rst_cloud
6 Feb 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26FEBC12-2B0F-4F8F-BCB8-03683D71B37F",
"versionEndExcluding": "23.9.8"
}
],
"operator": "OR"
}
]
}
]