CVE-2024-1708

Vulnerability updated 4 days ago (2024-11-29T14:26:17.130Z)

Download STIX

Preview STIX

CVE-2024-1708 is a high-severity path traversal vulnerability that was discovered in ConnectWise's ScreenConnect software. This flaw, which affects versions 23.9.7 and earlier, allows a remote privileged user to read arbitrary files on the system using a specially crafted HTTP request. ConnectWise disclosed this vulnerability, along with an authentication bypass issue (CVE-2024-1709), on February 19, 2024, highlighting the potential for full system compromise if these vulnerabilities are exploited. Shortly after the disclosure, cybercriminals began actively exploiting these vulnerabilities, particularly CVE-2024-1708, to deliver ransomware attacks. Notably, Sophos' threat response task force reported observing several LockBit attacks within 24 hours of the disclosure, apparently exploiting the newly revealed ScreenConnect vulnerabilities. These attacks were also linked to certain IP addresses that were observed trying to exploit the same vulnerabilities in February 2024. The exploitation of these vulnerabilities poses serious security risks, especially as they have been used by various initial access brokers and threat groups to deliver ransomware. The first flaw, CVE-2024-1708, is critical for its ability to bypass authentication, while the second flaw, a path traversal issue (CVE-2024-1709), is high-severity due to its potential for lateral movement within systems, potentially compromising critical systems and data. Protection against these threats is provided by Check Point IPS blade.

Description last updated: 2024-09-10T13:16:24.695Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

ConnectWise

Screenconnect

Exploit

Traversal

Ransomware

Vulnerability

Healthcare

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Black Basta Malware is associated with CVE-2024-1708. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses	Unspecified	2
The Lockbit Malware is associated with CVE-2024-1708. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Bl00dy Threat Actor is associated with CVE-2024-1708. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2024-1709 Vulnerability is associated with CVE-2024-1708. CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response	Unspecified	5

Source Document References

Information about the CVE-2024-1708 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Unit42	3 months ago	Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware
CERT-EU	9 months ago	Hackers Actively Hijacking ConnectWise ScreenConnect server
DARKReading	6 months ago	Critical Netflix Genie Bug Opens Big Data Orchestration to RCE
Securelist	7 months ago	Analyzing the vulnerability landscape in Q1 2024
CISA	7 months ago	CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities \| CISA
CERT-EU	9 months ago	GRIT Ransomware Report: February 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	9 months ago	Multiple Vulnerabilities Found In ConnectWise ScreenConnect \| Zscaler
CERT-EU	9 months ago	Cyber Security Week in Review: March 8, 2024
CERT-EU	9 months ago	How Ransomware Fallout Is Rippling Through the US Health Care System \| #ransomware \| #cybercrime \| National Cyber Security Consulting
DARKReading	9 months ago	North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware
CERT-EU	9 months ago	Critical ScreenConnect flaws exploited to deploy Babyshark malware variant
CERT-EU	9 months ago	ScreenConnect flaws exploited to drop new ToddleShark malware
Checkpoint	9 months ago	4th March – Threat Intelligence Report - Check Point Research
CERT-EU	9 months ago	Cyber Security Week in Review: March 1, 2024
CERT-EU	9 months ago	Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework - Help Net Security
CERT-EU	9 months ago	Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	9 months ago	ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack
CERT-EU	9 months ago	Ransomware Gangs Seen Exploiting ScreenConnect Vulnerability
Securityaffairs	9 months ago	Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs
CERT-EU	9 months ago	New Vulnerabilities in ConnectWise ScreenConnect Massively Exploited by Attackers