CVE-2024-1709
CVE Published | 2024-02-21 |
---|---|
Related CWE(s) | CWE-288: Authentication Bypass Using an Alternate Path or Channel |
Related Vendor(s) | connectwise |
Related Product(s) | screenconnect |
Exploitation Reported (CISA KEV) | 2024-02-22 |
CVSS 3 Base Score | 10.0 (CRITICAL) |
CVSS 3 Attack Complexity | LOW |
CVSS 3 Attack Vector | NETWORK |
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph
Threat Reports Related to CVE-2024-1709
Report
Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect
This blog post by researchers at Mandiant describes how the threat actor UNC5174 exploited vulnerabilities in F5 BIG-IP appliances and Connectwise ...
Report
TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant
Blog post from Kroll which describes the exploitation of vulnerabilities in ConnectWise ScreenConnect to deploy TODDLERSHARK malware which the ...
Report
Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
This blog post gives a detailed analysis of two critical vulnerabilities (CVE-2024-1708 and CVE-2024-1709) affecting ConnectWise ScreenConnect ...