Concerns Rise among Cybersecurity Experts Due to ‘Insignificant’ ConnectWise Vulnerabilities

In a situation being compared to the July 2021 cyber attack on Kaseya, two newly discovered vulnerabilities in the widely used remote desktop access application ConnectWise ScreenConnect are being deemed trivial to exploit by security experts. The first vulnerability, tracked as CVE-2024-1709, allows threat actors to bypass authentication using an alternate path or channel and has a critical CVSS score of 10. The second vulnerability, tracked as CVE-2024-1708, is a path traversal issue with a CVSS score of 8.4.

ConnectWise has released fixes for the vulnerabilities, and cloud partners have already been remediated. On-premises partners are advised to update to version 23.9.10.8817. ConnectWise has acknowledged and is investigating reports of suspicious activity related to the vulnerabilities.

Proof-of-concept exploit code has been made public, and exploitation has been described as “embarrassingly easy.” Security experts warn that the combination of vulnerabilities and remote services can lead to significant real-world attacks, and they urge vulnerable ConnectWise customers to take immediate action to protect themselves. Comparisons are being drawn with the Kaseya cyber attack because a large number of managed services providers (MSPs) also use ConnectWise. The vulnerabilities pose a significant risk because they allow hackers to easily spread ransomware through trusted sources like remote access software.
