vulnerability
ConnectWise ScreenConnect: CVE-2024-1708: Security Fix
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:M/C:C/I:C/A:C) | Feb 21, 2024 | Dec 3, 2024 | Apr 29, 2026 |
Severity
8
CVSS
(AV:N/AC:M/Au:M/C:C/I:C/A:C)
Published
Feb 21, 2024
Added
Dec 3, 2024
Modified
Apr 29, 2026
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker
the ability to execute remote code or directly impact confidential data or critical systems.
the ability to execute remote code or directly impact confidential data or critical systems.
Solution
connectwise-screenconnect-upgrade-latest
References
- CWE-22
- CVE-2024-1708
- https://attackerkb.com/topics/CVE-2024-1708
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-17442
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.