Web Application FirewallConnectWise.ScreenConnect.SetupModule.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in ConnectWise ScreenConnect.
The vulnerability is due to improper validation of a request URL. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in privilege escalation.
Outbreak Alert
Threat actors including ransomware gangs are seen exploiting newly discovered critical flaws in remote monitoring and management software called ScreenConnect.
View the full Outbreak Alert Report
A new alert from CISA, the FBI, the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals that Black Basta affiliates have attacked 12 of the 16 critical infrastructure sectors, including healthcare organizations.
Affected Products
ConnectWise ScreenConnect prior to 23.9.8
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-06-10 | 1.00053 |
New
|
| ID | 1002017389 |
| Created | Jun 10, 2024 |
| Updated | Jun 10, 2024 |
| CVE ID | |
| Tags | ConnectWise ScreenConnect Attack Black Basta Ransomware Threat Signal |
| Risk |
|
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, MacOS |
| Affected App | Other |