HIGH🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-1708

CVSS 8.4v3.1pub. 2024-02-21upd. 2026-04-28

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
  • Connectwise Screenconnect

    APP
    Connectwise
    < 23.9.8

CISA KEV — detailsi

Vendori
ConnectWise
Producti
ScreenConnect
Added to KEVi
April 28, 2026
Remediation deadline (US Federal)i
May 12, 2026(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 12 maja 2026
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2024-1709CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Authentication Bypass w ConnectWise ScreenConnect — bezpośredni dostęp do systemów

CVE-2025-14265CRITICAL9.1PL ✓ten sam produkt

ConnectWise ScreenConnect — instalacja niezaufanych rozszerzeń z RCE

CVE-2025-3935HIGH8.1⚠ KEVten sam produkt

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. AS...

CVE-2023-47257HIGH8.1ten sam produkt

ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution v...

CVE-2025-14823MEDIUM5.3ten sam produkt

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values includin...