CVE-2024-1709

Published: 21/02/2024 Updated: 23/02/2024
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

Vulnerable Product

connectwise screenconnect

Github Repositories

ScreenConnect AuthBypass(cve-2024-1709) --> RCE!!!

How to use: I'm using Python39. pip install requests; # python check.py; python batchAdduser.py; python ScreenConnect-AuthBypass-RCE.py -h; usage: ScreenConnect-AuthBypass-RCE.py [-h] [-u USERNAME] [-p PASSWORD] -t TARGET [-d DOMAIN] [--proxy PROXY]

SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated proof-of-concept (PoC) exploits.

SploitScan 📜 Description: SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It's particularly valuable for professionals seeking

CVE-2024-1708 and CVE-2024-1709: A Proof of Concept developed by @watchTowr to exploit an authentication bypass to add a new administrative user in ConnectWise ScreenConnect. This is the first step in a trivial Remote Command Execution chain. Follow the watchTowr Labs Team for our Security Research: labs.watchtowr.com/ twitter.com/watchtowrcyber wwwbleep

A Scanner for CVE-2024-1709 - ConnectWise SecureConnect Authentication Bypass Vulnerability

CVE-2024-1709: A Scanner for CVE-2024-1709 - ConnectWise SecureConnect Authentication Bypass Vulnerability. Usage: create a "hosts.txt" file within the script's directory and include the hosts you intend to scan in the file. Follow me on social media: X: x.com/HussainMFathy LinkedIn: www.linkedin.com/in/0xsphinx Disclaimer: This software has been cr

Recent Articles

ScreenConnect flaws exploited to drop new ToddleShark malware
BleepingComputer • Bill Toulas • 04 Mar 2024

By Bill Toulas, March 4, 2024, 05:14 PM. The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddleShark. Kimsuky (aka Thallium and Velvet Chollima) is a North Korean state-sponsored hacking group known for cyber espionage attacks on organizations and governments worldwide. The threat actors are exploiting authent...

ScreenConnect flaws exploited to drop new ToddlerShark malware
BleepingComputer • Bill Toulas • 04 Mar 2024

By Bill Toulas, March 4, 2024, 05:14 PM. The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. Kimsuky (aka Thallium and Velvet Chollima) is a North Korean state-sponsored hacking group known for cyber espionage attacks on organizations and governments worldwide. The threat actors are exploiting authe...

Ransomware gang claims they stole 6TB of Change Healthcare data
BleepingComputer • Sergiu Gatlan • 28 Feb 2024

By Sergiu Gatlan, February 28, 2024, 02:33 PM. The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform. Change Healthcare is the largest payment exchange platform used by more than 70,000 pharmacies across the United States. UHG is the world's largest healthcare company by reve...

FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks
BleepingComputer • Sergiu Gatlan • 27 Feb 2024

By Sergiu Gatlan, February 27, 2024, 05:26 PM. Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. "ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector," the joint advisory cautions. Today's warning follows an April 2022 FBI flash alert and another advisory issued in December 2023 detailin...

Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
BleepingComputer • Sergiu Gatlan • 27 Feb 2024

By Sergiu Gatlan, February 27, 2024, 01:53 PM. The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. This critical flaw (CVE-2024-1709) allows attackers to create admin accounts on Internet-exposed servers, delete all other users, and take over any vulnerable instance. CVE-2024-1709 has been under active expl...

UnitedHealth subsidiary Optum hack linked to BlackCat ransomware
BleepingComputer • Sergiu Gatlan • 26 Feb 2024

By Sergiu Gatlan, February 26, 2024, 07:13 PM. A cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation. Change Healthcare warned customers on Wednesday that some of its services are offline because of a cybersecurity incident. One day later, UnitedHealth...

ScreenConnect servers hacked in LockBit ransomware attacks
BleepingComputer • Sergiu Gatlan • 22 Feb 2024

By Sergiu Gatlan, February 22, 2024, 01:34 PM. Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. The maximum severity CVE-2024-1709 auth bypass flaw has been under active exploitation since Tuesday, one day after ConnectWise released security updates and several cybersecurity companies published proof-of-...

New ScreenConnect RCE flaw exploited in ransomware attacks
BleepingComputer • Sergiu Gatlan • 22 Feb 2024

By Sergiu Gatlan, February 22, 2024, 01:34 PM. Update February 23, 07:02 EST: Sophos published a report today saying that the ransomware payloads they spotted were built using the LockBit ransomware builder leaked online by a disgruntled malware developer in late September 2022. The samples seen by Sophos in this week's attacks were a buhtiRansom LockBit variant dropped on 30 different customer networks and a second payload...

ScreenConnect critical bug now under attack as exploit code emerges
BleepingComputer • Bill Toulas • 21 Feb 2024

By Bill Toulas, February 21, 2024, 12:18 PM. Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software. A day after the vendor published the security issues, attackers started leveraging them in attacks. CISA has assigned CVE-2024-1708 and CVE-2024-1709 identifiers to the two security issues, ...

Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks
The Register

Crew may well be working under contract for Beijing

Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised US defense organizations, UK government agencies, and hundreds of other entities, according to Mandiant. The Google-owned threat hunters said they assess, "with moderate confidence," that a crew they track as UNC5174 was behind the exploitation of CVE-2023-46747, a 9.8-out-of-10-CVSS-rated remote code execution bug in the F5 BIG-IP Traffic Management User Int...