Concerns Rise among Cybersecurity Experts over ‘Trivial’ to Exploit ConnectWise Vulnerabilities

In a situation being compared to the July 2021 cyber attack on Kaseya, two newly discovered vulnerabilities in the widely used remote desktop access application ConnectWise ScreenConnect are being deemed trivial to exploit by security experts. The first vulnerability, tracked as CVE-2024-1709, allows threat actors to bypass authentication using an alternate path or channel and has a critical CVSS score of 10. The second vulnerability, tracked as CVE-2024-1708, is a path traversal issue with a CVSS score of 8.4.

ConnectWise has released fixes for the vulnerabilities, and cloud partners have already been remediated. On-premises partners are advised to update to version 23.9.10.8817. ConnectWise has acknowledged, and is investigating, reports of suspicious activity related to the vulnerabilities.

Proof-of-concept exploit code has been made public, and exploitation has been described as “embarrassingly easy.” Security experts warn that the combination of vulnerabilities and remote services can lead to significant real-world attacks, and they urge vulnerable ConnectWise customers to take immediate action to protect themselves. Comparisons are being drawn with the Kaseya cyber attack because an extensive number of managed services providers (MSPs) also use ConnectWise. The vulnerabilities pose a significant risk because they allow hackers to easily spread ransomware through trusted sources like remote access software.
