vulnerability
ConnectWise ScreenConnect: CVE-2024-1708: Security Fix
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:M/C:C/I:C/A:C) | Feb 21, 2024 | Dec 3, 2024 | Mar 25, 2026 |
Severity
8
CVSS
(AV:N/AC:M/Au:M/C:C/I:C/A:C)
Published
Feb 21, 2024
Added
Dec 3, 2024
Modified
Mar 25, 2026
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker
the ability to execute remote code or directly impact confidential data or critical systems.
the ability to execute remote code or directly impact confidential data or critical systems.
Solution
connectwise-screenconnect-upgrade-latest
References
- CWE-22
- CVE-2024-1708
- https://attackerkb.com/topics/CVE-2024-1708
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-17442
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.