Critical Flaws Found in ConnectWise ScreenConnect Software – Patch Now

We Keep you Connected

Critical Flaws Found in ConnectWise ScreenConnect Software – Patch Now

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems.
The vulnerabilities, which currently lack CVE identifiers, are listed below –
The company deemed the severity of the issues as critical, citing they “could allow the ability to execute remote code or directly impact confidential data or critical systems.”
Both the vulnerabilities impact ScreenConnect versions 23.9.7 and prior, with fixes available in version 23.9.8. The flaws were reported to the company on February 13, 2024.
While there is no evidence that the shortcomings have been exploited in the wild, users who are running self-hosted or on-premise versions are recommended to update to the latest version as soon as possible.
“ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommend that partners update to ScreenConnect version 23.9.8,” the IT management software company said.
Cybersecurity firm Huntress said it found more than 8,800 servers running a vulnerable version of ScreenConnect. It has also demonstrated a proof-of-concept (PoC) exploit that it said can be “recreated with ease and required minimal technical knowledge” and used to bypass authentication on unpatched ScreenConnect servers.
⚡ Free Risk Assessment from Vanta
Generate a gap assessment of your security and compliance posture, discover shadow IT, and more.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE