{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "23.9.8" } ] } ] } } ], "details": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel\n\n vulnerability, which may allow an attacker direct access to confidential information or \n\ncritical systems.", "id": "CVE-2024-1709", "modified": "2026-03-15T21:48:42.089901116Z", "published": "2024-02-21T16:15:50.420Z", "references": [ { "type": "WEB", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709" }, { "type": "ADVISORY", "url": "https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/" }, { "type": "ADVISORY", "url": "https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/" }, { "type": "ADVISORY", "url": "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8" }, { "type": "ADVISORY", "url": "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/" }, { "type": "ADVISORY", "url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8" }, { "type": "ADVISORY", "url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/" }, { "type": "FIX", "url": "https://github.com/rapid7/metasploit-framework/pull/18870" }, { "type": "EVIDENCE", "url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2" }, { "type": "EVIDENCE", "url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc" }, { "type": "EVIDENCE", "url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "type": "CVSS_V3" } ] }