Concerns Rise among Cybersecurity Experts Due to ‘Insignificant’ ConnectWise Vulnerabilities

Compare to the July 2021 cyber attack on Kaseya, two newly-discovered vulnerabilities in the widely-used remote desktop access application ConnectWise ScreenConnect are being deemed trivial to exploit by security experts. The first vulnerability, tracked as CVE-2024-1709, allows threat actors to bypass authentication using an alternate path or channel and has a critical CVSS score of 10. The second vulnerability, tracked as CVE-2024-1708, is a path traversal issue with a CVSS score of 8.4. ConnectWise has released fixes for the vulnerabilities and cloud partners have already been remediated. On-premises partners are advised to update to version 23.9.10.8817. ConnectWise has acknowledged and is investigating reports of suspicious activity related to the vulnerabilities. The proof-of-concept exploit code has been made public and exploitation has been described as “embarrassingly easy.” Security experts warn that the combination of vulnerabilities and remote services can lead to significant real-world attacks and urge vulnerable ConnectWise customers to take immediate action to protect themselves. Comparisons are being drawn with the Kaseya cyber attack, as an extensive number of managed services providers (MSPs) also use ConnectWise. The vulnerabilities pose a significant risk as they allow hackers to easily spread ransomware through trusted sources like remote access software.

Unlock your business potential with our expert guidance. Get in touch now!

Oxford-skyline-fotolia.jpg

Oxford University Introduces Cyber Resilience Module in MBA Curriculum

Hacker-stereotype-hoodie-code-adobe-hero.jpg

Co-op Warns Staff to Stay Vigilant Against Potential Hackers

fake-fact-misinformation-Lemonsoup14-adobe.jpg

Government and Ofcom Clash Over Scope of Online Safety Act

security-threat-cyber-attack-2-adobe.jpeg

Decoding Cyber Attacks: The Challenge and Its Importance

ransomware-attack-encrypted-files-adobe.jpg

Scattered Spider Linked to M&S Cyber Attack

chess-strategy-game-intelligence-2-adobe.jpeg

Ongoing Challenges as UK’s Cyber Security and Resilience Bill Progresses

Crime-arrest-handcuffs-adobe.jpg

Concerns Escalate Over UK MoJ Crime Prediction Algorithms