-
Notifications
You must be signed in to change notification settings - Fork 47
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #717 from JstRelax/DIVD-2024-00008
DIVD-2024-00008
- Loading branch information
Showing
1 changed file
with
56 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| --- | ||
| layout: case | ||
| title: Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect | ||
| excerpt: "Successful exploitation of CVE-2024-1708 and CVE-2024-1709 allows an unauthenticated attacker to bypass the authentication and execute remote code or directly impact confidential data or critical systems." | ||
| author: Stan Plasmeijer | ||
| lead: Stan Plasmeijer | ||
| researchers: | ||
| - Jeroen de Baare | ||
| - Barre Dijkstra | ||
| cves: | ||
| - CVE-2024-1708 | ||
| - CVE-2024-1709 | ||
| product: | ||
| - ConnectWise ScreenConnect | ||
| versions: | ||
| - ScreenConnect 23.9.7 and prior. | ||
| recommendation: "ConnectWise recommends partners to update their ScreenConnect to version 23.9.8." | ||
| patch_status: Released | ||
| status : open | ||
| start: 2024-02-21 | ||
| end: | ||
| timeline: | ||
| - start: 2024-02-21 | ||
| end: | ||
| event: "DIVD starts researching this vulnerability." | ||
| - start: 2024-02-21 | ||
| end: | ||
| event: "DIVD found a fingerprint method" | ||
| - start: 2024-02-21 | ||
| end: | ||
| event: "DIVD starts scanning the internet for vulnerable instances." | ||
| #ips: 0 | ||
| # ips is used for statistics after the case is closed. If it is not applicable, you can set IPs to n/a (e.g. stolen credentials) | ||
| # This field becomes mandatory when the case status is set to 'Closed' | ||
|
|
||
| --- | ||
| ## Summary | ||
|
|
||
| A critical security issue was recently identified in ConnectWise ScreenConnect. If abused, the flaw may enable an unauthenticated attacker to bypass the authentication and execute remote code or directly impact confidential data or critical systems. | ||
|
|
||
| ## Recommendations | ||
|
|
||
| ConnectWise recommends partners to update their ScreenConnect to version 23.9.8. ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommend that partners update to ScreenConnect version 23.9.8. | ||
|
|
||
| ## What we are doing | ||
|
|
||
| DIVD is currently working to identify vulnerable instances and notify the owners of these systems. | ||
|
|
||
| {% comment %} Leave this here, so we see a timeline {% endcomment %} | ||
| {% include timeline.html %} | ||
|
|
||
| ## More information | ||
| * [ConnectWise ScreenConnect 23.9.8 security fix](https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8) | ||
| * [Detection Guidance for ConnectWise CVE-2024-1709](https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2) | ||
| * {% cve CVE-2024-1708 %} | ||
| * {% cve CVE-2024-1709 %} |