Critical Flaws Found in ConnectWise ScreenConnect Software – Patch Now

3 months ago AndyC

Feb 20, 2024NewsroomVulnerability / Network Security

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution

Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

Feb 20, 2024NewsroomVulnerability / Network Security

Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems.

The vulnerabilities, which currently lack CVE identifiers, are listed below –

  • Authentication bypass using an alternate path or channel (CVSS score: 10.0)
  • Improper limitation of a pathname to a restricted directory aka “path traversal” (CVSS score: 8.4)

The company deemed the severity of the issues as critical, citing they “could allow the ability to execute remote code or directly impact confidential data or critical systems.”

Cybersecurity

Both the vulnerabilities impact ScreenConnect versions 23.9.7 and prior, with fixes available in version 23.9.8. The flaws were reported to the company on February 13, 2024.

While there is no evidence that the shortcomings have been exploited in the wild, users who are running self-hosted or on-premise versions are recommended to update to the latest version as soon as possible.

“ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommend that partners update to ScreenConnect version 23.9.8,” ConnectWise said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Chinese Nationals Arrested for Laundering Million in Pig Butchering Crypto Scam

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

13 hours ago AndyC
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

13 hours ago AndyC
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

2 days ago AndyC
New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

3 days ago AndyC
China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

3 days ago AndyC
Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

3 days ago AndyC

You may have missed

Sekuro Appoints its First Federal Government Security Advisor

Sekuro Appoints its First Federal Government Security Advisor

28 mins ago AndyC
Weekly Update 400

Weekly Update 400

34 mins ago AndyC
Macquarie Uni to spend up to 0m on 10-year digital transformation

Macquarie Uni to spend up to $700m on 10-year digital transformation

3 hours ago AndyC
EU demands clarity on AI risks in Bing

EU demands clarity on AI risks in Bing

3 hours ago AndyC
Microsoft offers cloud customers AMD alternative to Nvidia AI processors

Microsoft offers cloud customers AMD alternative to Nvidia AI processors

3 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.