Published: February 21, 2024

Overview

ConnectWise has published information about two serious vulnerabilities affecting ConnectWise ScreenConnect: ‘CWE-288: Authentication bypass using an alternate path or channel’ with a CVSS base score of 10, and ‘CWE-22: Improper limitation of a pathname to a restricted directory (“path traversal”)’ with a CVSS base score of 8.4.

Impact

Vulnerabilities in the on-premises instances of ConnectWise ScreenConnect could allow the ability to execute remote code or directly impact confidential data or critical systems. ScreenConnect servers hosted on the ‘screenconnect.com’ cloud or ‘hostedrmm.com’ have been updated to remediate the issue.

Applicable Versions

Affected VersionUpdated Version
ScreenConnect 23.9.7 and prior  23.9.8

Mitigations and Workarounds

Upgrade ScreenConnect to version 23.9.8, as the vulnerability can be easily compromised. 

Best Practices

Subscribe to vendor’s security advisories and update the products as recommended by the vendor. Run regular vulnerability scans to detect vulnerabilities in your systems. 

Netsurion Detection and Response

Netsurion has updated its threat center with the available IOCs to detect any attacks. Netsurion researchers are continuously monitoring the exploits of this vulnerability.

Netsurion’s vulnerability management system is collaborating with vendors to update the vulnerability scanners for customers who have subscribed to Netsurion Vulnerability Management.

References:

Cybersecurity Updates
Latest Advisory Alerts

Palo Alto PAN-OS Command Injection Vulnerability

D-Link NAS Command Injection Vulnerability

VMware ESXi, Workstation, and Fusion Vulnerabilities

Latest Data Source Integrations

AWS Key Management Service (KMS)

Have I Been Pwned

SentinelOne

Latest Enhancements

Netsurion Open XDR Now Supports PCI DSS 4.0

Extended Data Source Integrations and Alerts Released for Essentials

Enriched Application Control in Open XDR 9.4