CVE-2024-1709

Vulnerability updated a month ago (2024-11-29T14:32:49.674Z)
Download STIX
Preview STIX
CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response, which developed SQL scripts to identify machines running versions of ScreenConnect Server vulnerable to this exploit. Despite the release of patches to address these vulnerabilities, many systems remain exposed due to insufficient update practices. The exploitation of this vulnerability has been linked to numerous cyberattacks involving the delivery of various malicious payloads. Among the threat actors exploiting this flaw are the BlackCat, Black Basta, and Bloody ransomware groups. These attackers have used CVE-2024-1709 to create admin accounts, delete existing users, and take over vulnerable instances, causing significant damage and disruption to affected organizations. Notably, the BlackCat group denied using this vulnerability in attacks on Change Healthcare's network, despite contrary reports from sources familiar with the investigation. In response to these threats, Check Point's IPS blade provides protection against these exploits, including the ConnectWise ScreenConnect Remote Code Execution (CVE-2024-1708) and the ConnectWise ScreenConnect Authentication Bypass (CVE-2024-1709). However, the continued exploitation of CVE-2024-1709 underscores the importance of prompt patch application and robust cybersecurity practices to protect against these types of vulnerabilities.
Description last updated: 2024-03-17T01:21:09.507Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
ConnectWise
Vulnerability
Screenconnect
Ransomware
CISA
Exploit
Traversal
Healthcare
Exploits
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Black Basta Malware is associated with CVE-2024-1709. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defensesUnspecified
4
The Lockbit Malware is associated with CVE-2024-1709. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers orUnspecified
2
The Toddleshark Malware is associated with CVE-2024-1709. ToddleShark is a new variant of malware, believed to be an evolution of Kimsuky's BabyShark and ReconShark backdoors. It has been identified by Kroll's analysts as being used by the North Korean APT hacking group Kimsuky to target government organizations, research centers, universities, and think tUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Bl00dy Threat Actor is associated with CVE-2024-1709. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant iUnspecified
3
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2024-1708 Vulnerability is associated with CVE-2024-1709. CVE-2024-1708 is a high-severity path traversal vulnerability that was discovered in ConnectWise's ScreenConnect software. This flaw, which affects versions 23.9.7 and earlier, allows a remote privileged user to read arbitrary files on the system using a specially crafted HTTP request. ConnectWise dUnspecified
5
Source Document References
Information about the CVE-2024-1709 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Unit42
4 months ago
DARKReading
7 months ago
CISA
8 months ago
BankInfoSecurity
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
DARKReading
10 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
Checkpoint
10 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago