CVE-2024-1709

CVSS 3.1 Score 10.0 of 10 (CRITICAL)

Attack Complexity

LOW

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Scope

CHANGED

Privileges Required

NONE

Summary

CVE-2024-1709 is a newly disclosed vulnerability affecting ConnectWise ScreenConnect versions 23.9.7 and older. This issue involves an Authentication Bypass vulnerability, enabling attackers to bypass the authentication process and gain unauthorized access to confidential information or critical systems. The bypass is achieved through an alternate path or channel, posing a significant security risk. Organizations using ConnectWise ScreenConnect are urged to update to the latest version to mitigate this threat.

Details

Published: formatDate( 2024-02-21T16:15:50.420Z )
Updated: formatDate( 2024-02-23T02:00:01.867Z )
CWE ID: CWE-288

Affected Products

ConnectWise Control

Affected Vendors

ConnectWise

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/umb8Ac
https://www.cve.org/CVERecord?id=CVE-2024-1709
https://nvd.nist.gov/vuln/detail/CVE-2024-1709