CVE-2024-1708 – This path traversal vulnerability in ConnectWis... (How to Fix)

Q: What is the severity of CVE-2024-1708?

CVE-2024-1708 has a CVSS score of 8.4 (HIGH). This path traversal vulnerability in ConnectWise ScreenConnect allows attackers to bypass authentication and potentially execute remote code or access sensitive data. It affects all organizations using ScreenConnect versions 23.9.7 and earlier. The vulnerability is particularly dangerous because it can be exploited without authentication.

📋 TL;DR

This path traversal vulnerability in ConnectWise ScreenConnect allows attackers to bypass authentication and potentially execute remote code or access sensitive data. It affects all organizations using ScreenConnect versions 23.9.7 and earlier. The vulnerability is particularly dangerous because it can be exploited without authentication.

💻 Affected Systems

Products:

ConnectWise ScreenConnect

Versions: 23.9.7 and prior

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments of affected versions are vulnerable regardless of configuration.

📦 What is this software?

Screenconnect by Connectwise

View all CVEs affecting Screenconnect →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with remote code execution leading to data theft, ransomware deployment, or lateral movement across the network.

🟠

Likely Case

Unauthorized access to ScreenConnect sessions, credential theft, and potential privilege escalation within the ScreenConnect environment.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent external exploitation, though internal threats remain.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly exploitable without authentication, making them prime targets.

🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but require initial network access, reducing exposure surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation is straightforward with publicly available proof-of-concept code. Mass scanning and exploitation attempts have been observed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.9.8

Vendor Advisory: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

Restart Required: Yes

Instructions:

1. Download ScreenConnect 23.9.8 from ConnectWise portal. 2. Backup current installation. 3. Run installer to upgrade. 4. Restart ScreenConnect services. 5. Verify version in web interface.

🔧 Temporary Workarounds

Network Isolation

all

Restrict network access to ScreenConnect instances using firewalls or network segmentation.

Disable External Access

all

Temporarily disable internet-facing access until patching can be completed.

🧯 If You Can't Patch

Immediately isolate vulnerable instances from internet access
Implement strict network segmentation and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check ScreenConnect version in web interface under Help > About. If version is 23.9.7 or earlier, system is vulnerable.

Check Version:

Check web interface at https://[your-instance]/About or examine installation directory version files.

Verify Fix Applied:

Verify version shows 23.9.8 or later in Help > About. Test authentication requirements for all access paths.

📡 Detection & Monitoring

Log Indicators:

Unusual authentication bypass patterns
Unexpected file access in ScreenConnect logs
Access to restricted paths without proper authentication

Network Indicators:

Unusual outbound connections from ScreenConnect server
Traffic patterns indicating exploitation attempts

SIEM Query:

source="screenconnect" AND (event="authentication_failure" OR event="file_access") | stats count by src_ip, user

📊 Metadata

CVE ID: CVE-2024-1708

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-22

Published: February 21, 2024

Last Updated: November 21, 2024

🔗 References

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 Vendor Advisory
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Exploit,Third Party Advisory
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 Vendor Advisory
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-1708, you might also want to check these: