ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
The vulnerability consists of the ability to bypass the authentication process by using an alternative path or access channel, which is classified as CWE-288. An attacker without any privileges, authentication, or user interaction can exploit this flaw remotely over the network. This results in direct access to protected application resources — according to available information, the exploit is exceptionally simple to execute, and both proof-of-concept and a Metasploit framework module are publicly available.
An attacker can gain direct access to sensitive information or critical systems managed by ScreenConnect, including taking control of remotely administered endpoint machines. Due to the nature of the product (remote access tool), successful exploitation of this vulnerability can lead to complete compromise of client infrastructure.
ConnectWise ScreenConnect must be immediately updated to version 23.9.8 or later, in accordance with the vendor's security bulletin available at: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
ConnectWise ScreenConnect in version 23.9.7 and all earlier versions
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HConnectwise Screenconnect
APPConnectwise< 23.9.8
CISA KEV — detailsi
- Vendori
- ConnectWise ↗
- Producti
- ScreenConnect
- Added to KEVi
- February 22, 2024
- Remediation deadline (US Federal)i
- February 29, 2024(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.
Related vulnerabilities
ConnectWise ScreenConnect — instalacja niezaufanych rozszerzeń z RCE
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. AS...
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an at...
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution v...
In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values includin...