- This lightweight laptop has one of the best displays I've seen, and it's on sale now
- Splunk Urges Australian Organisations to Secure LLMs
- The journey to fully autonomous AI agents and the venture capitalists funding them
- The best email hosting services of 2024: Expert tested
- One of the most immersive soundbars I've tested is not a Bose or Sonos (and it's $200 off)
Frequently Asked Questions about ScreenConnect Vulnerabilities
Frequently asked questions about two vulnerabilities affecting ConnectWise ScreenConnect
Background
The Tenable Security Response Team has put together this blog to answer Frequently Asked Questions (FAQ) regarding two vulnerabilities impacting ScreenConnect, a Remote Monitoring and Management (RMM) solution from ConnectWise.
FAQ
What are the ScreenConnect vulnerabilities and when were they disclosed?
On February 19, ConnectWise released a security advisory for two vulnerabilities affecting their RMM product, ScreenConnect. At the time the advisory was released, no CVE identifiers had been released for the vulnerabilities.
| CVE | Description | CVSSv3 |
|---|---|---|
| N/A | Authentication bypass that could allow an attacker to execute remote code or directly impact confidential data or critical systems. | 10 |
| N/A | A path traversal vulnerability that could allow an attacker to access confidential data | 8.4 |
Which versions of ConnectWise are affected?
ScreenConnect versions 23.9.7 and prior are affected by these vulnerabilities. These vulnerabilities only impact self-hosted or on-premise installations. Cloud customers who have ScreenConnect servers hosted on the “screenconnect.com” or “hostedrmm.com” are not impacted as updates have been made to the cloud service to address these vulnerabilities.
The advisory also notes that updated versions of ScreenConnect 22.4 through 23.9.7 will be released, however they still strongly recommend upgrading to ScreenConnect version 23.9.8.
Have any of these vulnerabilities been exploited?
As of February 20, no known exploitation has been observed for either of these vulnerabilities.
Has any Proof-of-Concept (PoC) code been released?
As of February 20, a blog by Huntress indicates that their researchers have reproduced these vulnerabilities and developed a working PoC, however they have chosen not to release the exploit code. Additionally, researchers at Horizon3 Attack Team posted to X (formerly known as Twitter) about their own PoC for the authentication bypass vulnerability, adding that it is “extremely trivial to reverse and exploit” that they plan to publish it along with a blog post soon.
The recent #ConnectWise #ScreenConnect authentication bypass vulnerability is extremely trivial to reverse and exploit. Blog and exploit POC will drop soon. pic.twitter.com/mEIaRetKxQ
— Horizon3 Attack Team (@Horizon3Attack) February 20, 2024
Are patches or mitigations available?
As of February 19 when the security advisory was released, ScreenConnect version 23.9.8 has been released to address these vulnerabilities. No mitigation steps were provided by ConnectWise.
Has Tenable released any product coverage for these vulnerabilities?
As of February 20, Tenable Research is investigating product coverage for these issues.
Get more information
Join Tenable’s Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
