An alert has been issued to users of ConnectWise’s ScreenConnect software on any platform.
These vulnerabilities impact the version 23.9.7 and prior.
Customers are encouraged to patch to the latest version of ScreenConnect.
Background / What has happened?
- ConnectWise have posted a security advisory and patch to address the vulnerabilitiy in CVE-2024-1709.
- CVE-2024-1709 is a vulnerability that could allow an unauthenticated attacker to remotely run arbitrary code without user interaction via creation of a new account with administrator privileges.
- All users of ConnectWise’s ScreenConnect are encouraged to update to the patched version immediately.
- ConnectWise has confirmed active exploitation.
Affected versions / applications:
- CVE-2024-1709: This vulnerability impacts all versions of ConnectWise’s ScreenConnect from 23.9.7 and prior.
Mitigation / How do I stay secure?
- The ASD’s ACSC recommends individuals, business, organisations and government entities patch to the latest version of ScreenConnect.
- Customers who are using ScreenConnect should look for recently created administrative user accounts.
- It is currently unclear if patching will remove created administrative accounts, therefore further investigation and remediation is required.
- Indicators of compromise (IOCs) can be be found in ConnectWise’s security release.
Organisations or individuals that have been impacted or require assistance can contact 1300 CYBER1 (1300 292 371).