Gotham Security, an Abacus Group company providing high-quality boutique cybersecurity services, has announced that its research team recently discovered two vulnerabilities in ConnectWise ScreenConnect, saving tens of thousands of enterprises from the possible consequences of a significant cyber-attack.
ConnectWise ScreenConnect is a remote-control software used by IT managed service providers (MSPs) globally. Had Gotham Security not stepped in, therefore, and had a hacker identified the vulnerabilities as part of a zero-day attack, it would likely have led to MSPs and their clients being exposed to this zero-day vulnerability.
If the vulnerabilities were left unaddressed, bad actors would have been able to gain access to all workstations and servers with ScreenConnect from a local network and then escalate their privileges to be local administrators on the affected systems.
Gotham Security acted quickly to mitigate this possibility, rapidly developing a technical write-up about the vulnerabilities and disclosing it to ConnectWise in accordance with its Vulnerability Disclosure Policy. Within an hour of submission, ConnectWise had triaged the vulnerabilities and assigned security engineers to replicate Gotham Security’s findings. Later that same day, both findings were confirmed as valid. ConnectWise then initiated the development of a security patch to address both vulnerabilities.
Christian Scott, Chief Operating Officer and Chief Information Security Officer Gotham Security, said: “Our success in identifying and disclosing these vulnerabilities so quickly is testament to the hard work and dedication of our team and just one more example of how our technical know and cyber-security research helps protect organisations worldwide.”
Scott added, “This incident shows the benefits of a partnership-based approach. ConnectWise were fast to engage and did a great job in responding to these vulnerabilities and pushing out a patch to rectify them as quickly as possible.”
Paul Ponzeka, Chief Technology Officer, Abacus Group, said: “Abacus Group recognises the exceptional technical prowess of Gotham in the realm of security. Gotham has demonstrated a unique capability in uncovering vulnerabilities at a speed that other boutique providers would struggle to match.
“Our experience with Gotham goes beyond the superficial ‘paper security’ offered by others. Christian and his team have not only identified but also actively engaged in resolving software vulnerabilities, working directly with vendors. This hands-on approach and direct problem-solving attitude sets Gotham apart in the field of cybersecurity.
“It also underlines the value of a tight coupling between an MSP like ourselves and a cybersecurity company like Gotham Security,” Ponzeka added. “Gotham Security’s close relationship with us allowed them to quickly develop and implement mitigation strategies to protect all of our customers while ConnectWise worked on developing a patch.”
For more details of the ScreenConnect vulnerability and how it was addressed, please visit Discovering ConnectWise ScreenConnect RCE & LPE Vulnerabilities (CVE-2023-47256, CVE-2023-47257) (gotham-security.com)