Frequently Asked Questions about ScreenConnect Vulnerabilities


Frequently asked questions about two vulnerabilities affecting ConnectWise ScreenConnect

Background

The Tenable Security Response Team has put together this blog to answer Frequently Asked Questions (FAQ) regarding two vulnerabilities impacting ScreenConnect, a Remote Monitoring and Management (RMM) solution from ConnectWise.

FAQ

What are the ScreenConnect vulnerabilities and when were they disclosed?

On February 19, ConnectWise released a security advisory for two vulnerabilities affecting their RMM product, ScreenConnect. At the time the advisory was released, no CVE identifiers had been released for the vulnerabilities.

CVE Description CVSSv3
N/A Authentication bypass that could allow an attacker to execute remote code or directly impact confidential data or critical systems. 10
N/A A path traversal vulnerability that could allow an attacker to access confidential data 8.4

Which versions of ConnectWise are affected?

ScreenConnect versions 23.9.7 and prior are affected by these vulnerabilities. These vulnerabilities only impact self-hosted or on-premise installations. Cloud customers who have ScreenConnect servers hosted on the “screenconnect.com” or “hostedrmm.com” are not impacted as updates have been made to the cloud service to address these vulnerabilities.

The advisory also notes that updated versions of ScreenConnect 22.4 through 23.9.7 will be released, however they still strongly recommend upgrading to ScreenConnect version 23.9.8.

Have any of these vulnerabilities been exploited?

As of February 20, no known exploitation has been observed for either of these vulnerabilities.

Has any Proof-of-Concept (PoC) code been released?

As of February 20, a blog by Huntress indicates that their researchers have reproduced these vulnerabilities and developed a working PoC, however they have chosen not to release the exploit code. Additionally, researchers at Horizon3 Attack Team posted to X (formerly known as Twitter) about their own PoC for the authentication bypass vulnerability, adding that it is “extremely trivial to reverse and exploit” that they plan to publish it along with a blog post soon.

Are patches or mitigations available?

As of February 19 when the security advisory was released, ScreenConnect version 23.9.8 has been released to address these vulnerabilities. No mitigation steps were provided by ConnectWise.

Has Tenable released any product coverage for these vulnerabilities?

As of February 20, Tenable Research is investigating product coverage for these issues.

Get more information

Join Tenable’s Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.





Source link