On Monday, ConnectWise issued a security alert regarding their popular ScreenConnect RMM tool. Two vulnerabilities were privately reported to the ConnectWise Trust Center the week before. The vulnerabilities consist of an authentication bypass and a path traversal; combined, these techniques can allow an attacker to execute code remotely on a ScreenConnect Server. Connectwise reports that all versions of ScreenConnect that are 23.9.7 and prior are affected. A patch is available for download at this address:
https://screenconnect.connectwise.com/download?_gl=1*108npz3*_ga*NzkyNzc2NzExLjE3MDg1MzA1MjE.*_ga_QSGE0F7K8V*MTcwODUzNjM0OC4yLjEuMTcwODUzNjM2Mi40Ni4wLjA.
According to a report from Huntress, their Proof of Concept test was successful on the same day as ConnectWise’s announcement. The Cerium Security Operations Center has a high degree of confidence that malicious actors will weaponize this exploit soon; the average time from discovering a vulnerability to its weaponization is now only seven days. We advise all clients using ConnectWise Screen Connect to download and patch immediately.
