On Feb. 19, 2024, ConnectWise announced two vulnerabilities for their ScreenConnect product affecting (on-premises) versions 23.9.7 and earlier:
- CVE-2024-1708 – Authentication Bypass Vulnerability (10.0)
- CVE-2024-1709 – Path Traversal Vulnerability (8.4)
These vulnerabilities allow an unauthenticated actor to bypass authentication, and access ScreenConnect environments that may be behind a corporate firewall.
ConnectWise released an updated version of the ScreenConnect product (23.9.8+) that mitigates the vulnerabilities. ConnectWise has removed license restrictions so ScreenConnect consumers who
This article has been indexed from All Blog Listing