Vulnerability Details : CVE-2024-1709
Public exploit exists!
Used for ransomware!
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Published
2024-02-21 16:15:50
Updated
2025-01-27 21:48:25
Products affected by CVE-2024-1709
- cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*
CVE-2024-1709 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
ConnectWise ScreenConnect Authentication Bypass Vulnerability
CISA required action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description:
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.
Notes:
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8; https://nvd.nist.gov/vuln/detail/CVE-2024-1709
Added on
2024-02-22
Action due date
2024-02-29
Exploit prediction scoring system (EPSS) score for CVE-2024-1709
94.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2024-1709
-
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
Disclosure Date: 2024-02-19First seen: 2024-02-24exploit/multi/http/connectwise_screenconnect_rce_cve_2024_1709This module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve RCE by uploading a malicious exten
CVSS scores for CVE-2024-1709
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government | 2024-02-21 |
|
10.0
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
NIST | 2024-02-22 |
CWE ids for CVE-2024-1709
-
The product requires authentication, but the product has an alternate path or channel that does not require authentication.Assigned by: 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)
References for CVE-2024-1709
-
https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
Researchers warn high-risk ConnectWise flaw under attack is ’embarrassingly easy’ to exploit | TechCrunchPress/Media Coverage;Third Party Advisory
-
https://github.com/rapid7/metasploit-framework/pull/18870
Unauthenticated RCE exploit module for ConnectWise ScreenConnect (No CVE at this time) by sfewer-r7 · Pull Request #18870 · rapid7/metasploit-framework · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
Detection Guidance for ConnectWise CWE-288Exploit;Third Party Advisory
-
https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation - SecurityWeekPress/Media Coverage;Third Party Advisory
-
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Vendor Advisory
-
https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
Vulnerability Reproduced: Immediately Patch ScreenConnect 23.9.8Third Party Advisory
-
https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
ConnectWise ScreenConnect: Authentication Bypass Deep Dive – Horizon3.aiThird Party Advisory
-
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
GitHub - watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-pocExploit;Third Party Advisory
-
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708 | Huntress BlogExploit;Third Party Advisory
-
https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
ConnectWise urges ScreenConnect admins to patch critical RCE flawPress/Media Coverage;Third Party Advisory
Jump to