What is it?
ConnectWise ScreenConnect provides remote support (remote control) to help you support your staff.
Remote Control software is naturally an attractive target for cyber attackers.
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass, using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
CyberSecurity & Infrastructure Security Agency (CISA) is an agency of the US Government.
CISA and other researchers have jointly concluded that this exploit should NOT be described publicly because it is “trivial and embarrassingly easy.”
CISA also prioritizes cyber risks, focusing on risks that are actively being exploited. CISA rates this threat as HIGH risk.
Why is it a risk?
An attacker can take over your remote session gaining complete control of computers in your network.
What more needs to be said?
The CISA link below describes the dangers of the attack (but not the mechanics).
How can you mitigate the risk?
If your organization provides services to the US government, then you are legally obligated to perform this remediation in a timely way because it is of HIGH risk, see the BOD 22-01 Fact Sheet link below.
Even if your organization does NOT provide services to the US government, you should still act immediately to resolve this threat.
Upgrade your installation of ConnectWise ScreenConnect to 23.9.8 or later. See the link below.
Resources:
CyberSecurity & Infrastructure Security Agency CVE-2024-1709
ConnectWise ScreenConnect 23.9.8 security fix
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
BOD 22-01 Fact Sheet
