CVE-2024-1708

Vulnerability updated 7 days ago (2024-11-29T14:26:17.130Z)
CVE-2024-1708 is a high-severity path traversal vulnerability discovered in ConnectWise's ScreenConnect software. The flaw affects versions 23.9.7 and earlier and allows a remote privileged user to read arbitrary files on the system using a specially crafted HTTP request. ConnectWise disclosed it, along with an authentication bypass issue (CVE-2024-1709), on February 19, 2024, highlighting the potential for full system compromise if the two vulnerabilities are exploited.

Shortly after the disclosure, cybercriminals began actively exploiting these vulnerabilities, particularly CVE-2024-1708, to deliver ransomware. Notably, Sophos' threat response task force reported observing several LockBit attacks within 24 hours of the disclosure, apparently exploiting the newly revealed ScreenConnect vulnerabilities. These attacks were also linked to certain IP addresses that were observed trying to exploit the same vulnerabilities in February 2024.

Exploitation poses serious security risks, especially as the vulnerabilities have been used by various initial access brokers and threat groups to deliver ransomware. Of the two flaws, the authentication bypass (CVE-2024-1709) is critical, while the path traversal issue (CVE-2024-1708) is high-severity due to its potential for lateral movement within systems, potentially compromising critical systems and data. Protection against these threats is provided by the Check Point IPS blade.
Description last updated: 2024-09-10T13:16:24.695Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
ConnectWise
Screenconnect
Exploit
Traversal
Ransomware
Vulnerability
Healthcare
Associated Malware
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The Black Basta Malware is associated with CVE-2024-1708. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | Unspecified | 2 |
| The Lockbit Malware is associated with CVE-2024-1708. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or | Unspecified | 2 |
Associated Threat Actors
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The Bl00dy Threat Actor is associated with CVE-2024-1708. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i | Unspecified | 2 |
Associated Vulnerabilities
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The CVE-2024-1709 Vulnerability is associated with CVE-2024-1708. CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response | Unspecified | 5 |
Source Document References
Information about the CVE-2024-1708 Vulnerability was read from the documents corpus below. This display is limited to 20 results.

| Source | Created At |
| --- | --- |
| Unit42 | 3 months ago |
| CERT-EU | 9 months ago |
| DARKReading | 6 months ago |
| Securelist | 7 months ago |
| CISA | 7 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| DARKReading | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| Checkpoint | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| Securityaffairs | 9 months ago |
| CERT-EU | 9 months ago |