CVE-2024-1709

Vulnerability updated 4 months ago (2024-05-04T19:56:22.337Z)
CVE-2024-1709 is a critical authentication bypass vulnerability in ConnectWise ScreenConnect. It allows a remote, unauthenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response, which developed SQL scripts to identify machines running versions of ScreenConnect Server vulnerable to this exploit. Although patches have been released, many systems remain exposed due to insufficient update practices.

Exploitation of this vulnerability has been linked to numerous cyberattacks involving the delivery of various malicious payloads. Threat actors exploiting the flaw include the BlackCat, Black Basta, and Bloody ransomware groups. These attackers have used CVE-2024-1709 to create admin accounts, delete existing users, and take over vulnerable instances, causing significant damage and disruption to affected organizations. Notably, the BlackCat group denied using this vulnerability in attacks on Change Healthcare's network, despite contrary reports from sources familiar with the investigation.

Check Point's IPS blade provides protection against these exploits, covering both the ConnectWise ScreenConnect Remote Code Execution (CVE-2024-1708) and the ConnectWise ScreenConnect Authentication Bypass (CVE-2024-1709). However, the continued exploitation of CVE-2024-1709 underscores the importance of prompt patch application and robust cybersecurity practices to protect against these types of vulnerabilities.
Description last updated: 2024-03-17T01:21:09.507Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
ConnectWise
Vulnerability
Screenconnect
Ransomware
CISA
Exploit
Traversal
Healthcare
Exploits
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Black Basta | Unspecified | 4 | Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of |
| Lockbit | Unspecified | 2 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc |
| Toddleshark | Unspecified | 2 | ToddleShark is a new variant of malware, believed to be an evolution of Kimsuky's BabyShark and ReconShark backdoors. It has been identified by Kroll's analysts as being used by the North Korean APT hacking group Kimsuky to target government organizations, research centers, universities, and think t |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Bl00dy | Unspecified | 3 | Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| CVE-2024-1708 | Unspecified | 4 | CVE-2024-1708 is a high-severity software vulnerability found in ConnectWise's ScreenConnect software, specifically targeting versions 23.9.7 and earlier. The flaw was officially disclosed by ConnectWise on February 19, 2024. This vulnerability, alongside another (CVE-2024-1709), presents significan |
Source Document References
Information about the CVE-2024-1709 vulnerability was read from the documents corpus below. This display is limited to 20 results.
| Source Link | Created At | Title |
| --- | --- | --- |
| DARKReading | 4 months ago | 500 Victims In, Black Basta Reinvents With Novel Vishing Strategy |
| CISA | 4 months ago | #StopRansomware: Black Basta \| CISA |
| BankInfoSecurity | 6 months ago | Likely Chinese Hacking Contractor Is Quick to Exploit N-Days |
| CERT-EU | 6 months ago | GRIT Ransomware Report: February 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 6 months ago | Multiple Vulnerabilities Found In ConnectWise ScreenConnect \| Zscaler |
| CERT-EU | 6 months ago | Cyber Security Week in Review: March 8, 2024 |
| CERT-EU | 6 months ago | How Ransomware Fallout Is Rippling Through the US Health Care System \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 6 months ago | North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs |
| DARKReading | 6 months ago | North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware |
| CERT-EU | 6 months ago | ConnectWise ScreenConnect Subdomain Listed as IoC in CISA's BlackCat Ransomware Advisory |
| CERT-EU | 6 months ago | Critical ScreenConnect flaws exploited to deploy Babyshark malware variant |
| CERT-EU | 6 months ago | ScreenConnect flaws exploited to drop new ToddleShark malware |
| Checkpoint | 6 months ago | 4th March – Threat Intelligence Report - Check Point Research |
| CERT-EU | 6 months ago | Cyber Security Week in Review: March 1, 2024 |
| CERT-EU | 6 months ago | Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework - Help Net Security |
| CERT-EU | 6 months ago | Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 6 months ago | ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack |
| CERT-EU | 6 months ago | Healthcare in Crosshairs: ALPHV/Blackcat Ransomware Threat Escalates, FBI Issues Warning |
| CERT-EU | 6 months ago | Black Basta Ransomware Attack: 5 New Victims Exposed \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 6 months ago | Ransomware Gangs Seen Exploiting ScreenConnect Vulnerability |