Vulnerability feed

Vulnerability

CVE-2024-1709

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2024-1709
Description:: ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Last updated date:: 02/23/2024

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 02/22/2024
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 02/26/2024
Reference url to background: https://www.helpnetsecurity.com/2024/02/26/cve-2024-1709-exploited/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/21/2024
Reference url to background: https://nvd.nist.gov/vuln/detail/CVE-2024-1709

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/21/2024
Reference url to background: https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/22/2024
Reference url to background: https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/22/2024
Reference url to background: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/23/2024
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/connectwise_screenconnect_rce_cve_2024_1709.rb

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |