- Description
- ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
- Source
- 9119a7d8-5eab-497f-8521-727c672e3725
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- ConnectWise ScreenConnect Authentication Bypass Vulnerability
- Exploit added on
- Feb 22, 2024
- Exploit action due
- Feb 29, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- 9119a7d8-5eab-497f-8521-727c672e3725
- CWE-288
- nvd@nist.gov
- NVD-CWE-Other
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2024-1709
@transilienceai
17 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-1709
@transilienceai
17 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-1709
@transilienceai
17 Mar 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-1709
@transilienceai
16 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-1709
@transilienceai
15 Mar 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-1709
@transilienceai
15 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
FBI & CISA Warn: Medusa Ransomware on the Rise🚨 Medusa exploits phishing, CVE-2024-1709, PowerShell abuse, obfuscated scripts, and reverse tunneling Mitigate by updating systems, segmenting networks, enforcing MFA, and backing up data. Advisory: https://t.co/7pvERODUgS h
@vdsusa
14 Mar 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-1709
@transilienceai
14 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Medusa Ransomware Hits 300+ U.S. Critical Infrastructure Orgs 🚨 Active since 2021, the gang exploits CVE-2024-1709 & CVE-2023-48788, using phishing & LOTL tactics for double & triple extortion. FBI & CISA warn—fortify defenses now! https://t.co/6w8vLZ1Kpo #
@dCypherIO
13 Mar 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-1709 and CVE-2023-48788 are being actively exploited in Russia’s BadPilot campaign, targeting vulnerable systems. More details: https://t.co/OAGZNVVgFK #CyberSecurity #ThreatIntel
@adriananglin
17 Feb 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Threat Actors Still Leveraging Legit RMM Tool ScreenConnect for Persistence in Cyberattacks | 06-02-2025 Source: https://t.co/e4rV2aJMXX Key details below ↓ 💀Threats: Screenconnect_tool, 🔓CVEs: CVE-2024-1709… https://t.co/9I98CwogLd https://t.co
@rst_cloud
6 Feb 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26FEBC12-2B0F-4F8F-BCB8-03683D71B37F",
"versionEndExcluding": "23.9.8"
}
],
"operator": "OR"
}
]
}
]