CVE-2024-1709: ConnectWise ScreenConnect Authentication Bypass

ConnectWise ScreenConnect Authentication Bypass Vulnerability. ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

• CISA KEV-listed (remediation due 2024-02-29)
• used in ransomware campaigns
• EPSS 94.4% (100.0% percentile)

Detection rules

• CVE-2024-1212 Exploitation - Progress Kemp LoadMaster Unauthenticated Command Injection high
• CVE-2024-1708 - ScreenConnect Path Traversal Exploitation medium
• ScreenConnect User Database Modification medium
• CVE-2024-1709 - ScreenConnect Authentication Bypass Exploitation critical
• ScreenConnect User Database Modification - Security medium
• ScreenConnect - SlashAndGrab Exploitation Indicators high
• Remote Access Tool - ScreenConnect Remote Command Execution - Hunting medium
• Potentially Suspicious File Download From File Sharing Domain Via PowerShell.EXE high
• Suspicious PowerShell IEX Execution Patterns high
• Remote Access Tool - ScreenConnect Potential Suspicious Remote Command Execution medium
• Remote Access Tool - Simple Help Execution medium
• User Added To Highly Privileged Group high
• Weak or Abused Passwords In CLI medium

Browse the CVE database

Read the full analysis on IntelFusions