The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect (v23.9.10.8817), which contains the fixes for the two flaws and other non-security fixes but – more crucially – customers no longer under maintenance can upgrade to it to protect themselves against exploitation. Confirmed exploitation, PoC available ConnectWise shared … More
The post Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) appeared first on Help Net Security.