ScreenConnect Security Flaws (CVE-2024-1709 & CVE-2024-1708), including one critical vulnerability (CVSS 10) being wildly exploited 

ScreenConnect Security Flaws (CVE-2024-1709 & CVE-2024-1708), including one critical vulnerability (CVSS 10) being wildly exploited 

Two security vulnerabilities, CVE-2024-1708 and CVE 2024-1708, are discovered in a globally popular remote access software ScreenConnect. These vulnerabilities, upon exploitation, can allow the attackers to distribute malicious payloads like ransomware to downstream clients by accessing vulnerable instances.  

ConnectWise, the company behind the software, has advised its users to apply the recommended patches immediately and update their software. The vulnerabilities detected in the 23.9.7 and earlier versions of the software. CISA has included the vulnerability (CVE-2024-1709) in its catalog of known exploited vulnerabilities.   

The attackers are currently widely exploiting the vulnerability, and organizations are advised to take the necessary measures to secure their systems and networks against the attacks. The vulnerability needs to be treated on an immediate basis since it can cause a considerable amount of damage to the systems and network.  

As per a blog post on X (formerly Twitter), they have improved the scanning/ detection for vulnerable instances and found more than 643 IP addresses exploited with the CVE-2024-1709  vulnerability targeted as per their scanners.  

According to them, both vulnerabilities can enable the attackers to engage in path traversal and authentication bypass that can put the security and integrity of systems at considerable risk.  

As per Shadowserver, these vulnerabilities were first detected on 21st February, with over 8200 instances reported to be vulnerable to a security breach. Since then, there has been a significant increase in the number of attacks that targeted the CVE-2024-1709. 

Technical Dissection  

CVE-2024-1709  

It is a critical vulnerability with a CVSS score of 10!  It is the highest score on the scale. Upon its exploitation, attackers can bypass authentication mechanisms using alternate paths or channels. They can gain unauthorized access to the systems for further exploitation.  

CVE-2024-1708 

It is a critical vulnerability with a CVSS score of 8.4. It is a path traversal vulnerability that involves the issue of restricting a pathname to a specified directory. By exploiting this vulnerability, attackers can gain unauthorized access to the files or folders beyond the location assigned to them. 

SharkStriker’s recommendations and implemented measures. 

We recommend the following measures for mitigation to our clients and partners 

We recommend that the ScreenConnect software be updated to the latest version which addresses the critical vulnerabilities with patches. All the cloud users of ScreenConnect do not need to take any actions since they would have automatically received the updates. 

We have implemented the following general measures to ensure that our clients and partners are secured:   

• We have implemented measures for continuous monitoring with proactive detection and response to suspicious threats and activities. 
• We have configured their detection mechanisms with the best practices for early detection and quick & precise response to threats. 
• Our unified platform STRIEGO, comes with dashboards that assist our customers in gaining complete visibility of their cybersecurity posture. 
• Based on the Indicators of Compromise by CISA, we have performed a threat search across their IT infrastructure