Critical ScreenConnect Vulnerability: Authentication Bypass Risk

A critical vulnerability has been uncovered in ConnectWise’s ScreenConnect. Identified under CVE-2024-1709, this susceptibility poses a significant threat, prompting immediate and decisive action to safeguard sensitive information and maintain operational integrity.

Importantly, for our clients and partners, OneNeck has not been impacted by this vulnerability. However, we recognize the importance of staying informed on all potential security threats and providing guidance on mitigation strategies to our partners and customers.

A Closer Look at the ScreenConnect Vulnerability

Initially reported on February 13, 2024, through ConnectWise’s vulnerability disclosure channel, the exposures demand immediate action from on-premise customers. These security risks involve:

• CWE-288: Authentication bypass using an alternate path or channel
• CWE-22: Improper limitation of a pathname to a restricted directory (“path traversal”)

Both vulnerabilities highlight the need for stringent security measures. The CVSS score stands at a critical 10 for CWE-288, underlining the severity of the threat. This score is calculated based on several metrics, indicating that the vulnerability is easily exploitable and the potentially high impact on confidentiality, integrity, and availability that could result. 

Indicators of Compromise

The following IP addresses have been identified by ConnectWise as being used by threat actors and are provided below for your protection and defense.

IOCs:

155.133.5.15

155.133.5.14

118.69.65.60

ConnectWise’s Response and Remediation Steps

ConnectWise promptly issued a security bulletin outlining remediation steps after discovering the vulnerability. Cloud customers, including those using “screenconnect.com” and “hostedrmm.com,” were automatically secured against these vulnerabilities as of February 19, requiring no additional actions on their part.

On-prem users, on the other hand, are urged to update to the latest ScreenConnect version, 23.9.10.8817, immediately to protect against these threats, with version 23.9.8 being the minimum requirement to mitigate the reported vulnerabilities. Notably, ConnectWise has lifted license restrictions to ensure all customers, even those not currently under maintenance, can upgrade to the latest version.

• For instructions on updating to the newest release, please reference this document.
• Link to patch: Download

Immediate Steps for ScreenConnect Users

The identification of CVE-2024-1709 necessitates immediate action from ConnectWise partners. As mentioned above for cloud users, remediation has been automatically applied, ensuring security without further steps needed, though continued monitoring of your environment is highly recommended. For on-premises users, updating your systems is critical. Upgrading to the latest ScreenConnect version is not just recommended; it’s essential for safeguarding against potential exploitation.

Best Practices and a Partner That Has Your Back

The discovery of this issue serves as a valuable lesson for all organizations in the importance of timely updates and the implementation of a robust cybersecurity framework.

Key recommendations include:

• Regularly updating and patching software to mitigate vulnerabilities.
• Monitoring systems for indicators of compromise to detect and respond to threats promptly.
• Educating stakeholders about the importance of cybersecurity hygiene.

At OneNeck, the security of our customers is our top priority. We are dedicated to informing our customers about potential security threats, regardless of whether we directly manage those services. Our commitment extends beyond mere awareness; we actively provide support and guidance to ensure our customers can navigate the cybersecurity landscape confidently. Should you need assistance or have concerns about your security posture, our Customer Support Center is ready to help.

Additional Resources: