You are here

Vulnerability Awareness – Exploitation Broadens in ConnectWise ScreenConnect Flaws

Vulnerability Awareness – Exploitation Broadens in ConnectWise ScreenConnect Flaws

Created: Thursday, February 29, 2024 - 12:51
Categories:
Cybersecurity, Security Preparedness

Two recently resolved vulnerabilities in ConnectWise ScreenConnect, tracked as CVE-2024-1709 and CVE-2024-1708 (CVSS scores of 10 and 8.4, respectively) are being exploited by more and more threat actors. This greater interest among varied threat actors is broadening the threat and escalating urgency of remediation. Affected versions include ScreenConnect 23.9.7 and earlier versions. Patches were announced by ConnectWise on February 19, yet they have later warned of ongoing exploitation. The issue is further exacerbated by the ease at which threat actors can exploit this vulnerability.

WaterISAC is sharing this information for awareness and urges members to apply the relevant patches if affected versions of ConnectSecure are being used. For more information, access Security Week.

Additional Resources: