10

CVE-2024-1709

Warning
Media report
Exploit

Authentication bypass using an alternate path or channel

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Data provided by the National Vulnerability Database (NVD)
Connectwise Screenconnect, version < 23.9.8

22.02.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: ConnectWise ScreenConnect Authentication Bypass Vulnerability

Description: ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
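EPSS metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 99.96% | 1 |

CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 10 | 3.9 | 6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| 9119a7d8-5eab-497f-8521-727c672e3725 | 10 | 3.9 | 6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
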
CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 (Vendor Advisory)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass (Third Party Advisory, Exploit)
https://github.com/rapid7/metasploit-framework/pull/18870 (Patch, Third Party Advisory, Issue Tracking)
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc (Third Party Advisory, Exploit)
https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/ (Third Party Advisory, Press/Media Coverage)
https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/ (Third Party Advisory, Press/Media Coverage)
https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/ (Third Party Advisory)
https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2 (Third Party Advisory, Exploit)
https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8 (Third Party Advisory)
https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/ (Third Party Advisory, Press/Media Coverage)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709 (US Government Resource)