From 9f247b7c88f86f5b29ef8885c08859ccdfb2751e Mon Sep 17 00:00:00 2001
From: Victor Gevers <dhrgevers@gmail.com>
Date: Wed, 21 Feb 2024 18:26:53 +0100
Subject: [PATCH] Update index.html

CVEs added to case
---
 cases/CG-2024-00002/index.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cases/CG-2024-00002/index.html b/cases/CG-2024-00002/index.html
index 5707abd..a1e5600 100644
--- a/cases/CG-2024-00002/index.html
+++ b/cases/CG-2024-00002/index.html
@@ -186,12 +186,12 @@ <h2 class="mt-2 block text-2xl text-center leading-8 font-bold tracking-tight te
     <b>Case:</b> CG-2024-00002-Connectwise-Screenconnect<br>
     <b>Case lead:</b> <a href="/index.html#soufianemail">Soufian El Yadmani</a><br>
     <b>Researchers:</b> Chris Heald, Gabriel Tarsia, Michael Rowley, Soufian El Yadmani, Tuhin Mukherjee, Victor Gevers, Brad Lynch.<br>
-    <b>CVE:</b> n/a<br>
+    <b>CVE(s):</b>CVE-2024-1708, CVE-2024-1709 <br>
     <b>Product:</b> <a class="text-yellow-500" href="https://screenconnect.connectwise.com/support/live-demo">ScreenConnect</a><br>
     <b>Vulnerable Versions:</b> ScreenConnect 23.9.7 and prior<br>
     <b>Vendor Statement:</b> <a class="text-yellow-500" href="https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8">https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8</a><br>
-    <b>Published:</b> 21 Feb 2024 13:00 CET</p>    
-    <b>Last updated:</b> 21 Feb 2024 17:48 CET</p>
+    <b>Published:</b> 21 Feb 2024 13:00 CET<br>    
+    <b>Last updated:</b> 21 Feb 2024 18:26 CET</p>
 </p>
     <h3 class="mt-6 block text-xl text-center leading-8 font-bold tracking-tight text-yellow-500 sm:text-xl sm:tracking-tight">Summary</h3>
 <p class="mt-4 text-xl text-gray-400 leading-8">ConnectWise addressed ScreenConnect vulnerabilities enabling unauthorized administrator account creation, with an exploit elevating the risk. No CVEs assigned. Immediate update to version 23.9.8 required for self-hosted/on-premise users. Confirmed compromised accounts and associated threat actor IP addresses are shared on the ConnectWise website.</p>