From 9f247b7c88f86f5b29ef8885c08859ccdfb2751e Mon Sep 17 00:00:00 2001
From: Victor Gevers Soufian El Yadmani
Researchers: Chris Heald, Gabriel Tarsia, Michael Rowley, Soufian El Yadmani, Tuhin Mukherjee, Victor Gevers, Brad Lynch.
- CVE: n/a
+ CVE(s):CVE-2024-1708, CVE-2024-1709
Product: ScreenConnect
Vulnerable Versions: ScreenConnect 23.9.7 and prior
Vendor Statement: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- Published: 21 Feb 2024 13:00 CET
ConnectWise addressed ScreenConnect vulnerabilities enabling unauthorized administrator account creation, with an exploit elevating the risk. No CVEs assigned. Immediate update to version 23.9.8 required for self-hosted/on-premise users. Confirmed compromised accounts and associated threat actor IP addresses are shared on the ConnectWise website.