Concerns Rise among Cybersecurity Experts Due to ‘Insignificant’ ConnectWise Vulnerabilities

Two newly discovered vulnerabilities in the widely used remote desktop access application ConnectWise ScreenConnect are being deemed trivial to exploit by security experts, prompting comparisons to the July 2021 cyber attack on Kaseya. The first vulnerability, tracked as CVE-2024-1709, allows threat actors to bypass authentication using an alternate path or channel and has a critical CVSS score of 10. The second vulnerability, tracked as CVE-2024-1708, is a path traversal issue with a CVSS score of 8.4.

ConnectWise has released fixes for the vulnerabilities, and cloud partners have already been remediated. On-premises partners are advised to update to version 23.9.10.8817. ConnectWise has acknowledged and is investigating reports of suspicious activity related to the vulnerabilities. Proof-of-concept exploit code has been made public, and exploitation has been described as “embarrassingly easy.”

Security experts warn that the combination of vulnerabilities and remote services can lead to significant real-world attacks and urge vulnerable ConnectWise customers to take immediate action to protect themselves. Comparisons are being drawn with the Kaseya cyber attack because a large number of managed services providers (MSPs) also use ConnectWise. The vulnerabilities pose a significant risk because they allow attackers to easily spread ransomware through trusted sources such as remote access software.
