Two recently resolved vulnerabilities in ConnectWise ScreenConnect, tracked as CVE-2024-1709 and CVE-2024-1708 (CVSS scores of 10 and 8.4, respectively), are being exploited by a growing number of threat actors. This wider interest among varied threat actors is broadening the threat and increasing the urgency of remediation. Affected versions include ScreenConnect 23.9.7 and earlier. ConnectWise announced patches on February 19 and has since warned of ongoing exploitation. The issue is further exacerbated by the ease with which threat actors can exploit this vulnerability.
WaterISAC is sharing this information for awareness and urges members to apply the relevant patches if affected versions of ConnectSecure are being used. For more information, access Security Week.
Additional Resources:
- Think Your ScreenConnect Server Is Hacked? Here’s What To Look For | Huntress
- SlashAndGrab: ScreenConnect Post-Exploitation in the Wild | Huntress
- SlashAndGrab: The ConnectWise ScreenConnect Vulnerability Explained | Huntress
- Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities | Trend Micro
- Remediation and Hardening Guide for ConnectWise ScreenConnect Vulnerabilities | Mandiant
- ScreenConnect flaws exploited to deliver all kinds of malware | Help Net Security
- Exclusive: Cyberattack on Change Healthcare was an exploit of the ConnectWise flaw | SC Media