ГлавнаяУязвимости → CVE-2024-1709
10критическая

CVE-2024-1709

Описание

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

Затрагиваемое ПО
Connectwise Screenconnect
CVSS
Балл10 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://github.com/rapid7/metasploit-framework/pull/18870https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-pochttps://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypasshttps://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2