CVE-2024-1708
Published: 21 February 2024
Summary
CVE-2024-1708 is a high-severity Path Traversal (CWE-22) vulnerability in ConnectWise ScreenConnect. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
ConnectWise ScreenConnect versions 23.9.7 and earlier contain a path-traversal vulnerability tracked as CVE-2024-1708 and assigned CWE-22. The flaw received a CVSS 3.1 score of 8.4 and can permit an attacker to execute remote code or directly affect confidential data and critical systems.
An attacker with network access and a high-privilege session can use the path traversal to reach files outside the intended directory on the server. No further user interaction is required: once the high-privilege session exists, successful exploitation yields arbitrary code execution or the ability to read, exfiltrate and manipulate data.
The vendor ConnectWise released version 23.9.8 to address the issue, as detailed in its security bulletin. The vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, confirming observed in-the-wild activity. Its EPSS score has reached a peak of 0.8624 with a current value of 0.8481, indicating sustained exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-17442
Vulnerability details
ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker to execute remote code or directly impact confidential data or critical systems.
- CWE(s): CWE-22 (Path Traversal)
- KEV Date Added: 28 April 2026
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2024-1708 path traversal in ConnectWise ScreenConnect enables remote code execution, especially chained with CVE-2024-1709 auth bypass, facilitating exploitation of public-facing applications (T1190) and remote services (T1210).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of the vendor patch (23.9.8) that eliminates the path-traversal flaw being actively exploited.
- SI-10 (Information Input Validation): enforces validation of file-path inputs to reject traversal sequences such as ../ that enable the CVE-2024-1708 attack.
- AC-6 (Least Privilege): limits the high-privilege credentials required by the vulnerability, reducing the attacker's ability to reach or exploit the flaw.
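The deeper analysis above describes the traversal reaching files outside the intended directory, and the SI-10 control calls for rejecting sequences such as ../. The Python below is an added example, not ScreenConnect or ConnectWise code and not part of the original page: it contrasts the weak "strip ../" filter that traversal payloads are built to get around with a decode, normalise and contain check. The base directory, file names and probe strings are constructed for illustration and nothing is touched on disk.

```python
"""
Added example: input validation against CWE-22 path traversal (SI-10).
Not ScreenConnect code. BASE_DIR, the probe strings and all file names are
constructed for illustration; the checks are lexical and touch no files.
"""
import posixpath
import urllib.parse
from typing import Dict, Optional, Tuple

# Constructed base directory the application is supposed to stay inside.
BASE_DIR = "/srv/app/files"


def naive_sanitize(user_path: str) -> str:
    """Weak filter: strip the literal string '../' and trust what is left.

    Returns the path the application would then open. This is the kind of
    check that encoded, doubled or backslash variants slip past.
    """
    stripped = user_path.replace("../", "")
    # posixpath.join discards BASE_DIR entirely when stripped is absolute.
    return posixpath.normpath(posixpath.join(BASE_DIR, stripped))


def resolve_under_base(base_dir: str, user_path: str) -> Optional[str]:
    """Hardened resolution: decode, normalise, then require containment.

    Returns the absolute path if it stays inside base_dir, else None.
    """
    # 1. Percent-decode until stable so %2e%2e and double-encoded
    #    %252e%252e both collapse to their literal form before checking.
    decoded = user_path
    for _ in range(3):
        again = urllib.parse.unquote(decoded)
        if again == decoded:
            break
        decoded = again
    # 2. Reject NUL bytes, which truncate the path in C-backed file APIs.
    if "\x00" in decoded:
        return None
    # 3. Treat backslashes as separators too; Windows hosts accept both.
    decoded = decoded.replace("\\", "/")
    # 4. Only relative names are expected; refuse absolute paths outright.
    if decoded.startswith("/"):
        return None
    # 5. Collapse '.', '..' and repeated slashes lexically.
    joined = posixpath.normpath(posixpath.join(base_dir, decoded))
    # 6. Containment check including the trailing separator, so that a
    #    sibling such as /srv/app/files2 is not mistaken for the base.
    base_norm = posixpath.normpath(base_dir)
    if joined != base_norm and not joined.startswith(base_norm + "/"):
        return None
    return joined


# Constructed probes: one benign name plus traversal variants.
PROBES = [
    "report.txt",
    "../../etc/passwd",
    "..\\..\\windows\\win.ini",
    "%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e/etc/passwd",
    "....//....//etc/passwd",
    "sub/../../outside.txt",
    "sub/../inside.txt",
    "/etc/passwd",
    "ok.txt\x00.png",
]


def evaluate(probes=PROBES) -> Dict[str, Tuple[str, Optional[str]]]:
    """Map each probe to (path the naive filter would open, hardened verdict)."""
    return {p: (naive_sanitize(p), resolve_under_base(BASE_DIR, p)) for p in probes}


if __name__ == "__main__":
    for probe, (naive, hardened) in evaluate().items():
        print(f"{probe!r:32} naive -> {naive!r:42} hardened -> {hardened!r}")
```

Note that "....//....//etc/passwd" is accepted by the hardened check: after normalisation it is a path under a directory literally named "....", which is inside the base, while the naive filter turns the same string into "../../etc/passwd". The check is lexical; on a live filesystem, follow it with os.path.realpath and repeat the containment test so a symlink inside the base cannot point outside it. Applying the vendor fix (23.9.8) remains the actual remediation for this CVE; the pattern above is the general SI-10 control.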