Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-1709
Analyzed
More InfoOfficial Page
Source-9119a7d8-5eab-497f-8521-727c672e3725
View Known Exploited Vulnerability (KEV) details
Published At-21 Feb, 2024 | 16:15
Updated At-26 Feb, 2026 | 15:04

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2024-02-222024-02-29ConnectWise ScreenConnect Authentication Bypass VulnerabilityApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-02-22
Due Date: 2024-02-29
Vulnerability Name: ConnectWise ScreenConnect Authentication Bypass Vulnerability
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CPE Matches
connectwise
connectwise
>>screenconnect>>Versions before 23.9.8(exclusive)
cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-288Secondary9119a7d8-5eab-497f-8521-727c672e3725
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: CWE-288
Type: Secondary
Source: 9119a7d8-5eab-497f-8521-727c672e3725
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/rapid7/metasploit-framework/pull/188709119a7d8-5eab-497f-8521-727c672e3725
Issue Tracking
Patch
Third Party Advisory
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc9119a7d8-5eab-497f-8521-727c672e3725
Exploit
Third Party Advisory
https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/9119a7d8-5eab-497f-8521-727c672e3725
Press/Media Coverage
Third Party Advisory
https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/9119a7d8-5eab-497f-8521-727c672e3725
Press/Media Coverage
Third Party Advisory
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.89119a7d8-5eab-497f-8521-727c672e3725
Vendor Advisory
https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/9119a7d8-5eab-497f-8521-727c672e3725
Third Party Advisory
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass9119a7d8-5eab-497f-8521-727c672e3725
Exploit
Third Party Advisory
https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-29119a7d8-5eab-497f-8521-727c672e3725
Exploit
Third Party Advisory
https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-89119a7d8-5eab-497f-8521-727c672e3725
Third Party Advisory
https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/9119a7d8-5eab-497f-8521-727c672e3725
Press/Media Coverage
Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/18870af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Third Party Advisory
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-pocaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
Third Party Advisory
https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
Third Party Advisory
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypassaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: https://github.com/rapid7/metasploit-framework/pull/18870
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource:
Exploit
Third Party Advisory
Hyperlink: https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource:
Press/Media Coverage
Third Party Advisory
Hyperlink: https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource:
Press/Media Coverage
Third Party Advisory
Hyperlink: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource:
Vendor Advisory
Hyperlink: https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource:
Third Party Advisory
Hyperlink: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource:
Third Party Advisory
Hyperlink: https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource:
Press/Media Coverage
Third Party Advisory
Hyperlink: https://github.com/rapid7/metasploit-framework/pull/18870
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Third Party Advisory
Hyperlink: https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Third Party Advisory
Hyperlink: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Third Party Advisory
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource
Change History
0Changes found
Details not found