CVE-2024-1708

Vulnerability updated 4 months ago (2024-05-22T13:17:28.646Z)
Download STIX
Preview STIX
CVE-2024-1708 is a high-severity software vulnerability found in ConnectWise's ScreenConnect software, specifically targeting versions 23.9.7 and earlier. The flaw was officially disclosed by ConnectWise on February 19, 2024. This vulnerability, alongside another (CVE-2024-1709), presents significant security risks due to the presence of an authentication bypass issue and a path traversal problem. Cybercriminals can exploit these vulnerabilities to gain initial access to systems, move laterally within them, and potentially compromise critical data and systems. Within 24 hours of disclosure, several LockBit attacks were observed exploiting these vulnerabilities, as reported by Sophos' threat response task force. Notably, the path traversal issue (CVE-2024-1708) allows a remote privileged user to read arbitrary files on the system using a specially crafted HTTP request. Furthermore, this vulnerability has been exploited by numerous initial access brokers and threat groups to deliver ransomware, posing a severe risk to affected systems. In response to these threats, Check Point IPS blade has provided protection against both the ConnectWise ScreenConnect Remote Code Execution (CVE-2024-1708) and the ConnectWise ScreenConnect Authentication Bypass (CVE-2024-1709). To mitigate these vulnerabilities, users of ConnectWise ScreenConnect are urged to update their software to the latest version, which contains patches for these flaws.
Description last updated: 2024-05-22T13:15:38.513Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
ConnectWise
Screenconnect
Traversal
Ransomware
Exploit
Vulnerability
Healthcare
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
IDTypeVotesProfile Description
LockbitUnspecified
2
LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
Black BastaUnspecified
2
Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
IDTypeVotesProfile Description
Bl00dyUnspecified
2
Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
IDTypeVotesProfile Description
CVE-2024-1709Unspecified
4
CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response
Source Document References
Information about the CVE-2024-1708 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
6 months ago
Hackers Actively Hijacking ConnectWise ScreenConnect server
DARKReading
4 months ago
Critical Netflix Genie Bug Opens Big Data Orchestration to RCE
Securelist
4 months ago
Analyzing the vulnerability landscape in Q1 2024
CISA
4 months ago
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities | CISA
CERT-EU
6 months ago
GRIT Ransomware Report: February 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU
6 months ago
Multiple Vulnerabilities Found In ConnectWise ScreenConnect | Zscaler
CERT-EU
6 months ago
Cyber Security Week in Review: March 8, 2024
CERT-EU
6 months ago
How Ransomware Fallout Is Rippling Through the US Health Care System | #ransomware | #cybercrime | National Cyber Security Consulting
DARKReading
6 months ago
North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware
CERT-EU
6 months ago
Critical ScreenConnect flaws exploited to deploy Babyshark malware variant
CERT-EU
6 months ago
ScreenConnect flaws exploited to drop new ToddleShark malware
Checkpoint
6 months ago
4th March – Threat Intelligence Report - Check Point Research
CERT-EU
6 months ago
Cyber Security Week in Review: March 1, 2024
CERT-EU
6 months ago
Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework - Help Net Security
CERT-EU
6 months ago
Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU
6 months ago
ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack
CERT-EU
6 months ago
Ransomware Gangs Seen Exploiting ScreenConnect Vulnerability
Securityaffairs
6 months ago
Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs
CERT-EU
6 months ago
New Vulnerabilities in ConnectWise ScreenConnect Massively Exploited by Attackers
CERT-EU
6 months ago
Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks