As of February 19, 2024, ConnectWise has disclosed two critical vulnerabilities within their ScreenConnect remote access software, highlighting the urgent need for users to update their systems to ensure security.
The first vulnerability, identified as CVE-2024-1709, allows for authentication to be bypassed via an alternate method, presenting a direct threat to the integrity and confidentiality of the system. This issue has been given the highest level of concern, with a Common Vulnerability Scoring System (CVSS) rating of 10 out of 10, indicating its high potential for severe impact.
The second vulnerability, CVE-2024-1708, involves an improper restriction on directory paths, which could enable unauthorized access to restricted areas of the system. This vulnerability has been rated with a CVSS score of 8.4, denoting a high level of risk.
Given the critical nature of these vulnerabilities, it is crucial for organizations using the on-premise version of ScreenConnect, version 23.9.7 and earlier, to patch and update to version 23.9.8 immediately. Such vulnerabilities expose systems to significant security risks, including unauthorized access and potential data breaches. It’s worth noting that cloud-based instances of ScreenConnect have been automatically updated to mitigate these risks.
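To act on the version guidance above, the following added example (not code from ConnectWise or Acronis) triages an asset inventory against the 23.9.8 threshold. The CSV column names, hostnames and build numbers are constructed for illustration, and cloud instances are treated as vendor-managed as the text describes.

```python
import csv
import io

FIXED = (23, 9, 8)  # first patched on-premise release named in the text above

# Constructed sample inventory: hosts, columns and build numbers are made up.
SAMPLE_INVENTORY = """host,deployment,version
rmm-01.example.internal,on-prem,23.9.7.8804
rmm-02.example.internal,on-prem,23.9.8.8811
rmm-03.example.internal,cloud,23.9.7
rmm-04.example.internal,on-prem,19.2
rmm-05.example.internal,on-prem,unknown
"""

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the string is unusable."""
    parts = text.strip().split(".")
    try:
        nums = [int(p) for p in parts[:3]]  # ignore any trailing build number
    except ValueError:
        return None
    if any(n < 0 for n in nums):
        return None
    return tuple(nums + [0] * (3 - len(nums)))  # pad "19.2" to (19, 2, 0)

def triage(inventory_csv):
    """Map each host to 'patch-now', 'ok', 'vendor-managed' or 'verify-manually'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"].strip()
        if row["deployment"].strip().lower() == "cloud":
            results[host] = "vendor-managed"  # updated by the vendor
            continue
        version = parse_version(row["version"])
        if version is None:
            results[host] = "verify-manually"  # never assume an unknown is safe
        elif version < FIXED:
            results[host] = "patch-now"  # 23.9.7 and earlier
        else:
            results[host] = "ok"
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28} {status}")
```

Hosts whose version cannot be parsed are reported for manual verification rather than counted as patched.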
With over 8,000 instances of ScreenConnect exposed worldwide, heightened concerns emerge, particularly among managed service providers (MSPs) and managed security services providers (MSSPs), as potential exploitation could result in deployment of ransomware on client systems downstream. At the end of January, a joint advisory from CISA, the NSA, and MS-ISAC already cautioned about the rising trend of attackers leveraging legitimate remote monitoring and management (RMM) software like ConnectWise ScreenConnect for malicious activities.
Just a day after the vendor disclosed the security issues, cybercriminals had already begun exploiting them in their operations, emphasizing the need for a multilayered cybersecurity approach. Firstly, the complexity and severity of threats, particularly highlighted by the CVE-2024-1709 vulnerability with its maximum CVSS score of 10, underline the importance of establishing multiple layers of defense to effectively thwart and mitigate potential attacks. Secondly, the diversity of these vulnerabilities, ranging from authentication bypasses to improper directory access, underlines the need for implementing a comprehensive array of security measures across various layers. Such a strategy significantly reduces the likelihood of a single point of failure leading to a system-wide compromise. Lastly, the ability to adapt to an ever-changing threat landscape is a key advantage of a multilayered approach, enabling organizations to dynamically update and refine their security postures in light of new and ever-evolving threats.
The Acronis Cyber Protect agent can detect vulnerable versions of ScreenConnect (starting from version 19.x) and seamlessly update them to one of the patched versions, ensuring proactive protection against potential exploits.