February 26, 2024: ConnectWise, which produces a suite of IT service management tools, issued a security advisory on February 19 for its remote desktop and remote access software, ScreenConnect. The advisory covers two vulnerabilities:
- CVE-2024-1709: Authentication bypass using an alternate path or channel, carrying a CVSS score of 10/10
- CVE-2024-1708: Improper limitation of a pathname to a restricted directory, with a CVSS score of 8.4/10
You can view the full advisory here.
ScreenConnect versions 23.9.7 and prior are affected. Successful exploitation could allow remote code execution or direct access to confidential data and critical systems.
The authentication bypass opens the door for the second vulnerability: once an attacker can act as an authenticated user, the path traversal flaw becomes reachable.
Threat actors deploying a LockBit ransomware variant were observed exploiting the authentication bypass against unpatched ScreenConnect servers at the time of the advisory.
ConnectWise has released a patch for on-premise installations running version 23.9.7 and below; cloud-hosted instances were patched automatically.
All on-premise users running version 23.9.7 or earlier should have patched immediately. Any users who have not yet applied the patch should do so as soon as possible.
Indicators of compromise associated with this vulnerability can be loaded into your attack surface management or monitoring platform so that ransomware or other threats are detected before they escalate into a major breach.
ConnectWise published the following IP addresses used by threat actors exploiting this vulnerability, to support detection and blocking:
- 155.133.5.15
- 155.133.5.14
- 118.69.65.60
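As an added example (not part of the original alert and not ConnectWise's own tooling), the following Python script performs the two checks this alert asks for: it tests a ScreenConnect version string against the 23.9.7 cutoff using numeric (not lexical) comparison, and it scans web-server log lines for the three published IOC addresses. The affected-version cutoff and the IP list come from the text above; the log format and the sample log lines are constructed for illustration only.

```python
import re

# Indicator IPs published by ConnectWise for this campaign (from the advisory text above).
IOC_IPS = {"155.133.5.15", "155.133.5.14", "118.69.65.60"}

# Last affected release per the advisory; anything newer is assumed to be patched.
LAST_VULNERABLE = (23, 9, 7)

# Whole-token IPv4 match: "155.133.5.150" will not be reported as "155.133.5.15".
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_version(version: str) -> tuple:
    """Turn '23.9.7.8817' into (23, 9, 7, 8817) so that 23.10 sorts after 23.9."""
    try:
        return tuple(int(part) for part in version.strip().split("."))
    except ValueError:
        raise ValueError(f"unrecognised ScreenConnect version string: {version!r}")


def is_vulnerable(version: str) -> bool:
    """True when the major.minor.patch components are 23.9.7 or lower."""
    return parse_version(version)[:3] <= LAST_VULNERABLE


def find_ioc_hits(log_lines):
    """Return (line_number, ip) for every log line that contains a published IOC address."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for ip in IPV4.findall(line):
            if ip in IOC_IPS:
                hits.append((number, ip))
    return hits


# Constructed sample access log (hypothetical format, not real ScreenConnect output).
SAMPLE_LOG = [
    '2024-02-21T03:14:07Z 155.133.5.15 - "GET /Login HTTP/1.1" 200',
    '2024-02-21T03:14:09Z 10.0.4.22 - "GET /Host HTTP/1.1" 200',
    '2024-02-21T03:15:41Z 118.69.65.60 - "POST /Login HTTP/1.1" 302',
    '2024-02-21T03:16:00Z 155.133.5.150 - "GET /Login HTTP/1.1" 200',
]


def triage(version: str, log_lines) -> dict:
    """Combine both checks into one summary a responder can act on."""
    return {
        "version": version,
        "vulnerable": is_vulnerable(version),
        "ioc_hits": find_ioc_hits(log_lines),
    }


if __name__ == "__main__":
    summary = triage("23.9.7.8817", SAMPLE_LOG)
    status = "VULNERABLE - patch now" if summary["vulnerable"] else "patched"
    print(f"ScreenConnect {summary['version']}: {status}")
    for number, ip in summary["ioc_hits"]:
        print(f"  IOC hit on log line {number}: {ip}")
```

Run it against your real version string (visible in the ScreenConnect admin page) and a slice of your web-server logs; a version at or below 23.9.7 or any IOC hit should trigger the incident-response path described in this alert, not just a patch.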
SecuLore™ OverWatch customers are already being monitored for these IPs.
If you believe you were affected by the vulnerability before patching, have not yet patched your affected version, or need assistance monitoring your network for these IPs or other threats, please contact our team immediately.
SecuLore™ OverWatch provides attack surface management and monitoring through our patented Paladin technology, which identifies vulnerabilities in your network and detects anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of CEH (Certified Ethical Hackers).
Contact SecuLore for more information on getting started with a monitoring option that detects malicious traffic attempting to exploit vulnerabilities on your network.
Stay cyber-safe,
SecuLore Support Team
Cyber-Protecting Our Nation’s Critical Infrastructure
At SecuLore, our mission is to cyber-protect our nation’s critical infrastructure. Led by experts in 9-1-1 technology, cyberwarfare, and ethical hacking, our team provides the technology, expertise, and training needed to defend customers from increasingly sophisticated cyber threats.