National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team provides for the strengthening of cyber security by enhancing the protection of the cyberspace of the National Critical Information Infrastructures, the banks and the communication providers of the Republic of Cyprus.

Informative regarding Critical Vulnerabilities in ConnectWise ScreenConnect Software

11 March 2024

The DSA wants to bring to your attention multiple vulnerabilities in ConnectWise ScreenConnect software which could be exploited to gain unauthorized access to affected systems.

Technical Details:

ConnectWise has released emergency security updates to address two severe security vulnerabilities within their ScreenConnect remote desktop and access software. These flaws pose significant risks, including remote code execution and potential exposure of sensitive information.

Vulnerabilities Details:

  • Authentication bypass using an alternate path or channel (CVSS score: 10.0 Critical)
  • Improper limitation of a pathname to a restricted directory, aka "path traversal" (CVSS score: 8.4 High)

A successful exploitation of these vulnerabilities could grant attackers unauthorized access, potentially compromising affected systems.

Affected Versions:
ScreenConnect versions 23.9.7 and prior.

Fixed Version:
ScreenConnect version 23.9.8

The company notes that ConnectWise will provide updated versions of releases 22.4 through 23.9.7 to address the critical issue, but strongly recommends updating to ScreenConnect version 23.9.8.

Indicators Of Compromise (IOCs)

  • 155.133.5[.]15
  • 155.133.5[.]14
  • 118.69.65[.]60
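The following is an added example, not code from CSIRT-CY or ConnectWise, showing how a defender can act on the two actionable parts of this advisory: the version threshold (23.9.7 and prior affected, 23.9.8 fixed) and the three IOC addresses. It assumes the ScreenConnect version is available as a dotted string and that the logs to sweep are web-server-style access lines; the log lines below are constructed for the example and are not real traffic.

```python
import re
from typing import Iterable, List, Tuple

# IOC addresses exactly as listed in the advisory, in defanged form.
ADVISORY_IOCS_DEFANGED = ["155.133.5[.]15", "155.133.5[.]14", "118.69.65[.]60"]

# First fixed release named in the advisory.
FIXED_VERSION = (23, 9, 8)

# Matches a dotted IPv4 quad surrounded by word boundaries.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 1.2.3[.]4 back into a matchable address."""
    return ioc.replace("[.]", ".")


def parse_version(version: str) -> Tuple[int, ...]:
    """Parse a dotted ScreenConnect version string into a comparable int tuple."""
    return tuple(int(part) for part in version.strip().split("."))


def needs_update(version: str) -> bool:
    """True when the installed version is 23.9.7 or earlier.

    Caveat from the advisory: ConnectWise also ships patched builds of releases
    22.4 through 23.9.7, and a plain version compare cannot tell a patched
    back-port from an unpatched build. Treat True as "update, or confirm the
    vendor fix is applied", not as "confirmed vulnerable".
    """
    return parse_version(version) < FIXED_VERSION


def find_ioc_hits(log_lines: Iterable[str],
                  iocs: Iterable[str] = ADVISORY_IOCS_DEFANGED) -> List[Tuple[int, str]]:
    """Return (line_number, ip) for every log line containing an IOC address."""
    watch = {refang(ioc) for ioc in iocs}
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for ip in IPV4_RE.findall(line):
            if ip in watch:
                hits.append((number, ip))
    return hits


# Constructed sample access-log lines (not real traffic); two contain IOC addresses.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Feb/2024:10:01:02 +0000] "GET /Login HTTP/1.1" 200',
    '155.133.5.15 - - [21/Feb/2024:10:01:09 +0000] "GET /Login HTTP/1.1" 200',
    '198.51.100.4 - - [21/Feb/2024:10:02:00 +0000] "POST /Login HTTP/1.1" 302',
    '118.69.65.60 - - [21/Feb/2024:10:05:41 +0000] "GET /Administration HTTP/1.1" 200',
]


if __name__ == "__main__":
    for v in ("22.4.0", "23.9.7", "23.9.8"):
        print(f"ScreenConnect {v}: {'update required' if needs_update(v) else 'at or above fixed version'}")
    for number, ip in find_ioc_hits(SAMPLE_LOG):
        print(f"IOC hit on line {number}: {ip}")
```

Feed `find_ioc_hits` the lines of the real web-server or ScreenConnect access logs to sweep for the listed addresses; any hit on a host that `needs_update` also flags should be escalated for incident handling rather than simply patched over.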

 

Recommendations
The DSA recommends applying the mitigation or workaround provided by ConnectWise.

 

The information presented in this report is based on available data up to the 21st of February 2024.
