CVE-2024-1709 Scanner

ConnectWise ScreenConnect is a remote support and remote access software utilized by IT professionals and managed service providers to connect to client systems for troubleshooting and assistance. It facilitates secure remote connections for technical support purposes, enabling efficient problem resolution and system management across various platforms and devices.

The vulnerability detected in ConnectWise ScreenConnect is an Authentication Bypass Using an Alternate Path or Channel flaw present in versions 23.9.7 and prior. This vulnerability allows an attacker to bypass authentication mechanisms and gain unauthorized access to the ScreenConnect application, potentially compromising confidential information or critical systems accessible via the platform.

The vulnerability is exploited by sending a crafted HTTP GET request to the '/SetupWizard.aspx/{{string}}' endpoint of the ScreenConnect application. By manipulating the request parameters, the attacker can bypass the authentication process and access sensitive functionalities intended for authenticated users. Successful exploitation of this vulnerability grants the attacker direct access to confidential information or critical systems managed via ScreenConnect.

Exploiting the Authentication Bypass vulnerability in ConnectWise ScreenConnect can lead to severe consequences, including unauthorized access to sensitive systems and data, potential data breaches, and compromise of critical infrastructure managed by the affected organization. Attackers could exploit this flaw to gain full control over the ScreenConnect application, posing significant risks to the confidentiality, integrity, and availability of the organization's IT assets.

Protect your organization from the risks posed by the Authentication Bypass vulnerability in ConnectWise ScreenConnect by leveraging the comprehensive security scanning capabilities of the securityforeveryone platform. Join our platform to identify and remediate critical vulnerabilities like CVE-2024-1709, ensuring the security and integrity of your remote access infrastructure and safeguarding your sensitive data from unauthorized access and exploitation.

References

• https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
• https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
• https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
• https://nvd.nist.gov/vuln/detail/CVE-2024-1709