CVE-2024-1709

CVE Published 2024-02-21
Related CWE(s) CWE-288: Authentication Bypass Using an Alternate Path or Channel
Related Vendor(s) connectwise
Related Product(s) screenconnect
Exploitation Reported (CISA KEV) 2024-02-22
CVSS 3 Base Score 10.0 (CRITICAL)
CVSS 3 Attack Complexity LOW
CVSS 3 Attack Vector NETWORK

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel

vulnerability, which may allow an attacker direct access to confidential information or

critical systems.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Threat Reports Related to CVE-2024-1709

Report

Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect

This blog post by researchers at Mandiant describes how the threat actor UNC5174 exploited vulnerabilities in F5 BIG-IP appliances and Connectwise ...

Report

TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant

Blog post from Kroll which describes the exploitation of vulnerabilities in ConnectWise ScreenConnect to deploy TODDLERSHARK malware which the ...

Report

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

This blog post gives a detailed analysis of two critical vulnerabilities (CVE-2024-1708 and CVE-2024-1709) affecting ConnectWise ScreenConnect ...

Associated CAPEC Patterns

References