ScreenConnect Auth bypass (CVE-2024-1709)
Description
ConnectWise ScreenConnect 23.9.7 and earlier (all versions prior to 23.9.8) contain an authentication bypass (CVE-2024-1709) in the setup wizard. The wizard is supposed to be unreachable once installation has completed, but the server-side check that locks it can be evaded by appending a trailing slash or an extra path segment to the wizard's URL (for example /SetupWizard.aspx/). An unauthenticated attacker who requests such a path reaches the wizard and can create a new administrative user, gaining full control of the ScreenConnect instance. In the wild this bypass is commonly chained with CVE-2024-1708, a path-traversal flaw in the same versions, to achieve remote code execution on the server.
Remediation
Immediately upgrade ConnectWise ScreenConnect to version 23.9.8 or later. ConnectWise updated its cloud-hosted instances itself; on-premise installations must be upgraded by the operator. Follow these steps to remediate:
1. Download ScreenConnect version 23.9.8 or newer from the official ConnectWise portal
2. Schedule a maintenance window and notify users of the upgrade
3. Create a backup of your current ScreenConnect installation and database
4. Apply the update following ConnectWise's upgrade documentation
5. After upgrading, review all user accounts for unauthorized additions or modifications, paying particular attention to administrative users created or changed around the time of any suspicious requests found in step 6
6. Audit web-server access logs for requests to the setup wizard path (/SetupWizard.aspx). Any request with a trailing slash or extra path segment after SetupWizard.aspx (e.g., /SetupWizard.aspx/) is the bypass signature, and a successful POST to such a path after initial installation indicates that an account may have been created
7. Reset credentials for all administrative accounts as a precautionary measure
8. If immediate patching is not possible, restrict network access to the ScreenConnect web interface to trusted IP addresses only until the update can be applied. This is a stopgap, not a fix: an instance that was reachable while vulnerable must still be audited as in steps 5 and 6
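The version check and the log audit from the steps above, as an added example (this is not ConnectWise tooling or code from the advisory). It assumes the server's access log is in Apache combined log format; the log lines and the trusted IP range below are constructed for the example, and the field names are the author's own.

```python
"""Triage helpers for CVE-2024-1709: version check plus access-log audit.

Added example, not ConnectWise code. Assumes combined-log-format access
logs; the sample log and the trusted CIDR list are constructed.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Tuple

# First fixed release per the advisory above.
FIXED_VERSION = (23, 9, 8)

# Combined log format: client IP, two ident fields, [timestamp], "METHOD PATH PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Any request to the wizard is worth a look once installation is complete;
# a suffix after the .aspx (trailing slash or extra segment) is the bypass
# signature. Case-insensitive because Windows path matching is.
WIZARD_RE = re.compile(r"/SetupWizard\.aspx(?P<suffix>/\S*)?", re.IGNORECASE)

# Constructed trusted management range for the example.
TRUSTED_CIDRS = ["10.0.0.0/8"]


def parse_version(version: str) -> Tuple[int, ...]:
    """Split '23.9.7.8804' into (23, 9, 7, 8804) so comparison is numeric,
    not lexical ('23.10.x' must sort after '23.9.x')."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable(version: str) -> bool:
    """True for any release below 23.9.8 (the build number is ignored)."""
    return parse_version(version)[:3] < FIXED_VERSION


def find_setup_wizard_hits(lines: Iterable[str], trusted_cidrs: List[str]) -> List[Dict]:
    """Return one record per request to SetupWizard.aspx.

    bypass_suffix      : text after '.aspx' ('' for an exact-path request)
    possible_account_change : successful POST via the bypass path, i.e. the
                              wizard step that creates an admin user
    trusted_source     : client IP falls inside one of trusted_cidrs
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits: List[Dict] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-access-log line
        w = WIZARD_RE.search(m["path"])
        if not w:
            continue
        suffix = w["suffix"] or ""
        status = int(m["status"])
        client = ipaddress.ip_address(m["ip"])
        hits.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "method": m["method"],
            "path": m["path"],
            "status": status,
            "bypass_suffix": suffix,
            "possible_account_change": bool(suffix) and m["method"] == "POST" and status in (200, 302),
            "trusted_source": any(client in net for net in trusted),
        })
    return hits


# Constructed sample log: two bypass requests from an internal host (the POST
# is the account-creation step), a post-install redirect hit with no suffix,
# an unrelated login, a bypass attempt from an untrusted address, and junk.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Feb/2024:10:15:02 +0000] "GET /SetupWizard.aspx/ HTTP/1.1" 200 5123
10.0.0.5 - - [19/Feb/2024:10:15:09 +0000] "POST /SetupWizard.aspx/ HTTP/1.1" 302 0
198.51.100.7 - - [19/Feb/2024:10:20:00 +0000] "GET /Login HTTP/1.1" 200 4000
10.0.0.12 - - [19/Feb/2024:10:25:00 +0000] "GET /SetupWizard.aspx HTTP/1.1" 302 0
203.0.113.9 - - [19/Feb/2024:11:00:00 +0000] "GET /setupwizard.aspx/anything HTTP/1.1" 200 5123
not an access log line
"""

if __name__ == "__main__":
    for v in ("23.9.7.8804", "23.9.8.8811"):
        print(f"{v}: {'VULNERABLE' if is_vulnerable(v) else 'patched'}")
    for h in find_setup_wizard_hits(SAMPLE_LOG.splitlines(), TRUSTED_CIDRS):
        flags = []
        if h["bypass_suffix"]:
            flags.append("bypass-path")
        if h["possible_account_change"]:
            flags.append("POSSIBLE-ACCOUNT-CREATION")
        if not h["trusted_source"]:
            flags.append("untrusted-source")
        print(h["timestamp"], h["ip"], h["method"], h["path"], h["status"], ",".join(flags))
```

Run it against the real access log by replacing SAMPLE_LOG with the file contents; any record flagged as a possible account creation, or any bypass-path hit from an untrusted source, means the user-account review and credential reset above are no longer precautionary but required.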