CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2024-1709

CVSS 10.0v3.1pub. 2024-02-21upd. 2026-02-26

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

🤖 AI Analysis
How it works

The vulnerability consists of the ability to bypass the authentication process by using an alternative path or access channel, which is classified as CWE-288. An attacker without any privileges, authentication, or user interaction can exploit this flaw remotely over the network. This results in direct access to protected application resources — according to available information, the exploit is exceptionally simple to execute, and both proof-of-concept and a Metasploit framework module are publicly available.

Impact

An attacker can gain direct access to sensitive information or critical systems managed by ScreenConnect, including taking control of remotely administered endpoint machines. Due to the nature of the product (remote access tool), successful exploitation of this vulnerability can lead to complete compromise of client infrastructure.

Mitigation & patch

ConnectWise ScreenConnect must be immediately updated to version 23.9.8 or later, in accordance with the vendor's security bulletin available at: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

Who is affected

ConnectWise ScreenConnect in version 23.9.7 and all earlier versions

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Connectwise Screenconnect

    APP
    Connectwise
    < 23.9.8

CISA KEV — detailsi

Vendori
ConnectWise
Producti
ScreenConnect
Added to KEVi
February 22, 2024
Remediation deadline (US Federal)i
February 29, 2024(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 29 lutego 2024
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-14265CRITICAL9.1PL ✓ten sam produkt

ConnectWise ScreenConnect — instalacja niezaufanych rozszerzeń z RCE

CVE-2025-3935HIGH8.1⚠ KEVten sam produkt

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. AS...

CVE-2024-1708HIGH8.4⚠ KEVten sam produkt

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an at...

CVE-2023-47257HIGH8.1ten sam produkt

ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution v...

CVE-2025-14823MEDIUM5.3ten sam produkt

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values includin...