On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.
Affected Products: ScreenConnect
Severity: Critical
Priority: 1 – High
ScreenConnect is popular remote access software used by many organizations globally. There appear to be some 8,500+ instances of ScreenConnect exposed to the public internet.
Severity
Critical—Vulnerabilities that could allow the ability to execute remote code or directly impact confidential data or critical systems.
Priority
1 High—Vulnerabilities that are either being targeted or have a higher risk of being targeted by exploits in the wild. Recommend installing updates as emergency changes or as soon as possible (e.g., within days).
Affected versions
ScreenConnect 23.9.7 and prior
Associated CVEs
CVE-2024-1709: An authentication bypass using an alternate path or channel (CVSS 10)
CVE-2024-1708: A path traversal issue (CVSS 8.4)
Indicators of compromise
As per ConnectWise, the following IP addresses were used by threat actors:
155.133.5.15
155.133.5.14
118.69.65.60
Mitigation
All versions of ConnectWise ScreenConnect before 23.9.8 are vulnerable to these issues (initially disclosed without CVE identifiers; now tracked as CVE-2024-1709 and CVE-2024-1708). Customers who have on-premise ScreenConnect instances in their environments should apply the 23.9.8 update on an emergency basis, per ConnectWise’s guidance.
As per the information on the ConnectWise website:
Cloud
No action is needed by the partner; ScreenConnect servers hosted in the “screenconnect.com” cloud or on “hostedrmm.com” have been updated to remediate the issue.
On-premise
Partners that are self-hosted or on-premise need to update their servers to version 23.9.8 immediately to apply a patch.
ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommends that partners update to ScreenConnect version 23.9.8.
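The two checks a defender would want from this advisory are a version triage against the "23.9.7 and prior" boundary and a scan of web-server logs for the three IoC addresses listed above. The script below is an added example, not ConnectWise code or any tool the advisory names; the IoC addresses and the 23.9.8 fix boundary come from the advisory, while the log lines, the combined-log-format layout and the `triage` helper are assumptions constructed for the example.

```python
"""Triage helpers for the ScreenConnect advisory (added example, not ConnectWise code).

Check 1: is an on-premise ScreenConnect version at or below 23.9.7 (affected)?
Check 2: do any IoC addresses from the advisory appear in web-server access logs?

The log lines are constructed for this example; the IoC addresses and the
fixed-version boundary (23.9.8) are taken from the advisory text.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Tuple

# First fixed release per the advisory: everything below this is affected.
FIXED_VERSION = (23, 9, 8)

# IoC addresses published by ConnectWise, as quoted in the advisory.
IOC_ADDRESSES = {
    ipaddress.ip_address("155.133.5.15"),
    ipaddress.ip_address("155.133.5.14"),
    ipaddress.ip_address("118.69.65.60"),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '23.9.7.8817' into (23, 9, 7, 8817); raise ValueError on junk input."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the version sorts below 23.9.8, i.e. '23.9.7 and prior'.

    Caveat: the advisory says ConnectWise also ships fixed builds for 22.4
    through 23.9.7, which a version-number comparison cannot distinguish.
    Treat True as 'confirm the fixed build was applied', not as proof of exposure.
    """
    return parse_version(version) < FIXED_VERSION


# Apache/nginx combined log format (assumed layout for the constructed sample).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def find_ioc_hits(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one record per log line whose source address is in IOC_ADDRESSES."""
    hits: List[Dict[str, object]] = []
    for raw in lines:
        match = LOG_LINE.match(raw)
        if not match:
            continue  # skip lines that are not in the expected format
        try:
            src = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # hostnames or garbage in the client field
        if src in IOC_ADDRESSES:
            hits.append({
                "ip": str(src),
                "timestamp": match.group("ts"),
                "request": match.group("req"),
                "status": int(match.group("status")),
            })
    return hits


def triage(version: str, lines: Iterable[str]) -> Dict[str, object]:
    """Combine both checks into one summary for a single server."""
    hits = find_ioc_hits(lines)
    return {
        "version": version,
        "affected_version": is_affected(version),
        "ioc_hits": hits,
        "action": "patch to 23.9.8 and investigate" if hits else
                  ("patch to 23.9.8" if is_affected(version) else "no action from this advisory"),
    }


# Constructed sample access log: two benign internal clients, two IoC addresses,
# and one malformed line to show the parser skipping it.
SAMPLE_LOG = [
    '10.0.0.25 - - [19/Feb/2024:08:01:12 +0000] "GET /Login HTTP/1.1" 200 5120',
    '155.133.5.15 - - [19/Feb/2024:08:03:44 +0000] "GET / HTTP/1.1" 200 3311',
    '192.168.1.9 - - [19/Feb/2024:08:05:02 +0000] "POST /Login HTTP/1.1" 302 0',
    '118.69.65.60 - - [19/Feb/2024:08:07:19 +0000] "GET /Administration HTTP/1.1" 401 0',
    "not a log line at all",
]

if __name__ == "__main__":
    summary = triage("23.9.7.8817", SAMPLE_LOG)
    print(f"version {summary['version']}: affected={summary['affected_version']}")
    for hit in summary["ioc_hits"]:
        print(f"  IoC hit {hit['ip']} at {hit['timestamp']}: {hit['request']} -> {hit['status']}")
    print(f"action: {summary['action']}")
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file's lines; the version check is deliberately conservative, so a server running a backported fixed build of 22.4 through 23.9.7 still shows as affected and needs the build confirmed by hand.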
In a very good move, it seems that ConnectWise has removed license restrictions, so partners no longer under maintenance can upgrade to the latest version of ScreenConnect.