On Feb. 19, 2024, ConnectWise announced two vulnerabilities for their ScreenConnect product affecting (on-premises) versions 23.9.7 and earlier:

• CVE-2024-1708 – Authentication Bypass Vulnerability (8.4)
• CVE-2024-1709 – Path Traversal Vulnerability (10.0)

These vulnerabilities allow an unauthenticated actor to bypass authentication, and access ScreenConnect environments that may be behind a corporate firewall. 

ConnectWise released an updated version of the ScreenConnect product (23.9.8+) that mitigates the vulnerabilities. ConnectWise has removed license restrictions so ScreenConnect consumers who no longer have a maintenance subscription can update their software.

For organizations with a cloud-based controller, no action is required as ConnectWise has applied the necessary patches. For organizations with an on-premises controller, Mandiant is providing a remediation and hardening guide for additional steps to reduce risks related to these vulnerabilities.

Mandiant has identified mass exploitation of these vulnerabilities by various threat actors. Many of them will deploy ransomware and conduct multifaceted extortion.

Read our remediation and hardening guide now to protect against this threat.