Web Application FirewallConnectWise.ScreenConnect.Extension.ZIP.Path.Traversal
Description
This indicates an attack attempt to exploit a Path Traversal Vulnerability in ConnectWise ScreenConnect. The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a crafted zip file. Successful exploitation could lead to remote code execution.
Outbreak Alert
Threat actors including ransomware gangs are seen exploiting newly discovered critical flaws in remote monitoring and management software called ScreenConnect.
View the full Outbreak Alert Report
A new alert from CISA, the FBI, the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals that Black Basta affiliates have attacked 12 of the 16 critical infrastructure sectors, including healthcare organizations.
Affected Products
ConnectWise ScreenConnect prior to 23.9.8
Impact
System Compromise: Remote attackers can execute arbitrary code on vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-04-03 | 1.00049 |
New
|
| ID | 1002017378 |
| Created | Apr 03, 2024 |
| Updated | Apr 03, 2024 |
| CVE ID | |
| Tags | ConnectWise ScreenConnect Attack Black Basta Ransomware Threat Signal |
| Risk |
|
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, MacOS |
| Affected App | Other |