Register for Zero Trust World 25!
Back to Blogs Back to Press Releases
ThreatLocker Blog: ConnectWise ScreenConnect Vulnerabilities Report
February 20, 2024

ConnectWise ScreenConnect Vulnerability Report

Table of Contents

ConnectWise has released software updates addressing two critical security vulnerabilities in its ScreenConnect remote desktop and access software. 

These vulnerabilities pose significant risks to affected systems, including the potential for remote code execution and unauthorized access to sensitive data. 

Below is a detailed report outlining the vulnerabilities, their impact, and the recommended actions for mitigation.

What is Remote Code Execution?

Remote code execution refers to a situation in which an attacker can execute commands or run malicious software on a target system from a remote location without requiring physical access to the device.

Remote code executions allow the attacker to take control of the affected system and carry out various actions, such as installing malware, stealing data, or altering system configurations, all without the user's knowledge or consent.

Example: Someone has gained unauthorized access to your computer from another location. This person could run programs, delete files, or even take over your entire system without physically being present at your computer. This ability to remotely control a device opens up significant security risks, as it can lead to data breaches, system compromise, and other harmful consequences.

ConnectWise ScreenConnect Vulnerability Details:

Authentication Bypass (CVSS score: 10.0): 

This vulnerability allows attackers to bypass authentication mechanisms using an alternate path or channel, potentially leading to unauthorized access to confidential data or the execution of arbitrary code on vulnerable servers. The severity of this issue is rated as critical due to its potential for exploitation and the impact it can have on affected systems.

Path Traversal (CVSS score: 8.4): 

This vulnerability involves improper limitation of a pathname to a restricted directory, commonly known as "path traversal." Attackers with high privileges can exploit this flaw to access files and directories outside the intended directory structure, potentially leading to unauthorized disclosure of sensitive information or further compromise of the system.

ConnectWise ScreenConnect Vulnerability Impact Assessment:

Both vulnerabilities affect ScreenConnect versions 23.9.7 and earlier. ConnectWise has classified these issues as critical, emphasizing their potential to facilitate remote code execution or directly compromise confidential data and critical systems.

ConnectWise ScreenConnect Vulnerability Mitigation Measures:

ConnectWise has provided the following recommendations for mitigating the security risks associated with these vulnerabilities:

Update to Version 23.9.8: 

Users running affected versions are strongly advised to update to ScreenConnect version 23.9.8, which contains fixes for the identified vulnerabilities. ConnectWise will also provide updated versions for releases 22.4 through 23.9.7 to address the critical issue.

Immediate Patching: 

ConnectWise urges on-premise partners to patch their ScreenConnect servers immediately to mitigate the identified security risks. While there is no evidence of exploitation in the wild, prompt action is necessary to prevent potential attacks.