ScreenConnect Security Flaw Exploited In the Wild By Attackers


The ScreenConnect software is a popular choice for remote access among organizations worldwide. However, recent vulnerabilities have raised concerns about potential exploitation by attackers.

Specifically, these vulnerabilities could allow attackers to access vulnerable instances and distribute ransomware or other malicious payloads to downstream clients.

ConnectWise has issued an urgent notification to users of its ScreenConnect remote access software, urging them to apply the latest patch immediately.

This follows the discovery of two highly critical vulnerabilities affecting versions 23.9.7 and earlier.

The two vulnerabilities, namely CVE-2024-1709 and CVE-2024-1708, can lead to authentication bypass and path traversal, thereby posing a grave threat to the security and integrity of the impacted systems.

The first one, CVE-2024-1709, is critical and could enable attackers to bypass authentication mechanisms using an alternate path or channel.



This flaw could allow unauthorized access to the system, leading to further exploitation.

The second vulnerability, CVE-2024-1708, has a base score of 8.4 and involves a failure to properly restrict a pathname to a specified directory.

Known as ‘path traversal,’ this vulnerability allows attackers to access files or folders outside the intended directory, which could lead to data or system compromise.

Vulnerability Under Exploitation

On February 21st, 2024, Shadowserver sensors detected a total of 8200 vulnerable instances.

According to their sensors, there has been a significant increase in the number of attacks targeting CVE-2024-1709, a vulnerability currently being widely exploited in the wild.

Shadowserver data shows that as many as 643 IPs have recently been subjected to these attacks, indicating that this issue requires immediate attention and action.

The Cybersecurity and Infrastructure Security Agency (CISA) recently included a new security vulnerability, CVE-2024-1709, in its catalog of known exploited vulnerabilities.

This means that attackers have already been found exploiting this vulnerability, and organizations are advised to take the necessary measures to secure their systems and networks against potential attacks.

Mitigation And Response

ConnectWise has taken immediate action to address these vulnerabilities by releasing version 23.9.8 of ScreenConnect, which patches these critical security flaws.

Cloud users of ScreenConnect do not need to take any action, as cloud instances have been automatically updated to the latest secure version.
