Customer portal
Articles Tagged with

connectwise

"Connectwise_vulnerability"/
Flash Alert

Flash Alert – Critical vulnerabilities in ConnectWise

CVE: TBD

CVSS: 10.00 CRITICAL

CVE: TBD

CVSS: 8.4 HIGH

In the last week, ConnectWise has disclosed vulnerabilities affecting versions 23.9.7 (and older) of its ScreenConnect product.

Two vulnerabilities have been identified and published via a security bulletin on the ConnectWise website.  Few details have been published, but the bulletin does indicate the following:

  • The first vulnerability allows for authentication bypass by utilisation of an alternate path or channel
  • The second vulnerability concerns the improper limitation of a pathname to a restricted directory (AKA “path traversal”)

Utilised together, these vulnerabilities would allow a threat actor to remotely execute code, or directly impact confidential data of critical systems.

ConnectWise is urging all users of ScreenConnect to update to version 23.9.8 to patch these vulnerabilities, but does insist that they have seen no evidence of exploitation in the wild.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound