The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel

Critical ScreenConnect vulnerability presents a high risk of the breach

On Monday, ConnectWise issued a security alert regarding their popular ScreenConnect RMM tool. Two vulnerabilities were privately reported to the ConnectWise Trust Center the week before. The vulnerabilities consist of an authentication bypass and a path traversal; combined, these techniques can allow an attacker to execute code remotely on a ScreenConnect Server. Connectwise reports that all versions of ScreenConnect that are 23.9.7 and prior are affected. A patch is available for download at this address:

https://screenconnect.connectwise.com/download?_gl=1*108npz3*_ga*NzkyNzc2NzExLjE3MDg1MzA1MjE.*_ga_QSGE0F7K8V*MTcwODUzNjM0OC4yLjEuMTcwODUzNjM2Mi40Ni4wLjA.

According to a report from Huntress, their Proof of Concept test was successful on the same day as ConnectWise’s announcement. The Cerium Security Operations Center has a high degree of confidence that malicious actors will weaponize this exploit soon; the average time from discovering a vulnerability to its weaponization is now only seven days. We advise all clients using ConnectWise Screen Connect to download and patch immediately.

Recent Posts

For Emergency Support call: (877) 423-7486
For other support requests or to access your Cerium 1463° portal click here
Stay in the Know

Stay in the Know

Don't miss out on critical security advisories, industry news, and technology insights from our experts. Sign up today!

You have Successfully Subscribed!