You can now find Cyber Kendra on Google News!

ConnectWise Issues Critical Security Advisory for ScreenConnect Product

ConnectWise has released a critical security advisory for its popular remote access and support tool ScreenConnect. The advisory addresses two vulnerabilities that could allow threat actors to bypass authentication and conduct path traversal attacks.

The vulnerabilities were privately disclosed to ConnectWise on February 13th through their vulnerability disclosure program. ConnectWise has stated there is no evidence these flaws have been actively exploited, but they pose a serious risk that requires immediate action.

The first vulnerability (CWE-288) is an authentication bypass that could let a remote attacker access ScreenConnect servers without proper authentication. This would provide full access to compromise confidential data or launch additional attacks.

The second flaw (CWE-22) is a path traversal vulnerability that could let an attacker traverse outside restricted directories on the server. This could potentially grant access to sensitive files and information.

Both vulnerabilities have received high severity scores on the CVSS v3.1 risk assessment scale. ConnectWise has assigned a high priority level to patch these flaws, recommending upgrades within days if possible.

The vulnerabilities impact self-hosted, on-premise installations of ScreenConnect versions 23.9.7 and earlier. Cloud-hosted ScreenConnect servers on screenconnect.com or hostedrmm.com have already been patched by ConnectWise.

For on-premise installation, administrators must upgrade to ScreenConnect version 23.9.8 immediately. ConnectWise has also released patched versions of ScreenConnect from 22.4 through 23.9.7. However, they strongly advise upgrading to 23.9.8 if possible.

While details are limited, ConnectWise stated its incident response team is actively investigating compromised accounts. This likely means threat actors are already attempting to exploit these vulnerabilities in the wild.

Quick action is required by any organization using an older, self-hosted version of ScreenConnect. Patching or upgrading the software should be an utmost priority to prevent a serious security incident.

ConnectWise has pledged to provide updated information if they discover additional details on these flaws being exploited. With remote work still widespread, any compromise of remote access software poses excessive risk. Hopefully, robust patching from the ScreenConnect user base will limit any potential impact.

Post a Comment