Dive deep into CVE-2024-1709, the critical authentication bypass vulnerability in ConnectWise ScreenConnect, its implications, and how to mitigate the risks.
CVE-2024-1709 has recently garnered significant attention within the security community.
This critical vulnerability, an authentication bypass in ConnectWise ScreenConnect, poses a significant threat to organizations relying on this widely used remote access software.
ConnectWise ScreenConnect is a comprehensive remote access software designed to facilitate seamless connectivity between IT professionals and devices across various locations.
Renowned for its robust feature set, ScreenConnect offers a range of functionalities including remote control, file transfer, and the ability to conduct remote meetings and support sessions.
It stands out in the IT management landscape for its flexibility and ease of use, providing secure and efficient solutions for managed service providers (MSPs) and organizations seeking to administer their networks and support their users remotely. Its architecture is designed to work across a diverse set of environments, making it a versatile tool for IT support teams.
CVE-2024-1709 is a stark reminder of the ever-present risks in the digital landscape.
Identified in ConnectWise ScreenConnect versions 23.9.7 and prior, this vulnerability allows unauthorized attackers to bypass authentication mechanisms, potentially leading to remote code execution (RCE).
Given its critical nature and the ease of exploitation, it has received the highest severity rating from NIST, a CVSS score of 10/10.
The Vulnerability Explained
At its core, CVE-2024-1709 exploits a weakness in the authentication process of ScreenConnect. Attackers can append a specific string to the /SetupWizard.aspx path, gaining access to the setup wizard of a previously configured system.
This access enables them to add a new administrative user, effectively compromising the system. The simplicity of this attack, combined with publicly available Proof of…
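A defender-side check for the behaviour described above, as an added example that is not part of the original article: it lists access-log requests that reach SetupWizard.aspx, flags those with anything appended to the path, and tests a version string against the 23.9.7 cutoff. The common-log-format layout, the sample lines, the placeholder suffix and the function names are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

LAST_AFFECTED = (23, 9, 7)  # the article: versions 23.9.7 and prior
MARKER = "/setupwizard.aspx"

# Assumed layout: common log format written by a proxy in front of the server.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def is_affected(version):
    """True when a dotted version string is 23.9.7 or earlier."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts + (0,) * (3 - len(parts)) <= LAST_AFFECTED

def setup_wizard_hits(lines):
    """List requests that reach SetupWizard.aspx; flag appended path data."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path = unquote(urlsplit(m["target"]).path).lower()
        pos = path.find(MARKER)
        if pos == -1:
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "method": m["method"],
            "status": int(m["status"]),
            # Anything after ".aspx" matches the pattern the article describes.
            "appended": len(path) > pos + len(MARKER),
        })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [21/Feb/2024:10:02:11 +0000] "GET /SetupWizard.aspx_APPENDED_PLACEHOLDER HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Feb/2024:10:02:15 +0000] "POST /SetupWizard.aspx_APPENDED_PLACEHOLDER HTTP/1.1" 200 812',
    '198.51.100.20 - - [21/Feb/2024:10:03:00 +0000] "GET /Host HTTP/1.1" 200 9000',
    '198.51.100.9 - - [21/Feb/2024:10:04:40 +0000] "GET /setupwizard.aspx HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in setup_wizard_hits(SAMPLE):
        print(hit)
```

On an instance that has already been configured, any hit is worth reviewing; hits with `appended` set and a successful status on an affected version deserve the closest look, including a review of the user list for unexpected administrative accounts.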