By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Patch Now To Fix Critical RCE Vulnerability In ConnectWise ScreenConnect

ConnectWise has issued a patch for its ScreenConnect product to fix two vulnerabilities that provide a low-effort authentication bypass and path traversal, potentially allowing remote code execution or access to private systems and data. Admins are encouraged to apply the patch ASAP.

Summary

Two vulnerabilities were disclosed to ConnectWise on Feb 13, 2024, which have been verified and patched in version 23.9.8:

  • CWE-288 – Authentication bypass using an alternate path or channel (CVSS 10)
  • CWE-22 – Improper limitation of pathname to a restricted directory (CVSS 8.4)

Per the advisory from ConnectWise updated February 20, 2024, both vulnerabilities are ranked as critical severity with high priority, as they risk being targeted for exploit in the wild. It’s recommended to install updates as soon as possible.

Affected Versions

  • ScreenConnect 23.9.7 and prior

Indicators of Compromise

As of February 20, IOCs have been added to the ScreenConnect advisory to allow monitoring of exploit attempts. The following IP addresses were recently used by threat actors per ConnectWise:

  • 155.133.5.15
  • 155.133.5.14
  • 118.69.65.60

Remediation

ScreenConnect cloud servers hosted on screenconnect.com cloud or hostedrmm.com are already patched and protected. Admins using on-prem software are advised to update their servers to ScreenConnect version 23.9.8 immediately.

Resources

Previous Post

Weekly Top 10 – 02.19.2024- Critical Microsoft Exchange Vulnerability, North Korean APT Breached South Korean Presidential Staff, GoldPickaxe iOS Malware Captures Facial Recognition Data, and More.

Next Post

Innovator Series EP5: Sai Venkataraman of Discern Security

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.