CVE-2024-1709
Published: 21 February 2024
Summary
CVE-2024-1709 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in ConnectWise ScreenConnect. Its CVSS base score is 10.0 (Critical).
Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and AC-3 (Access Enforcement).
Deeper analysis
ConnectWise ScreenConnect versions 23.9.7 and earlier contain an authentication bypass vulnerability that stems from improper handling of an alternate path or channel, tracked as CVE-2024-1709 and assigned CWE-288. The flaw carries a CVSS 3.1 score of 10.0, reflecting network-accessible exploitation with no required credentials or user interaction and full impact across confidentiality, integrity, and availability in a changed scope.
An unauthenticated remote attacker can leverage the bypass to obtain direct access to confidential data or critical systems, including the ability to create administrative accounts or execute arbitrary code on affected ScreenConnect servers. Public proof-of-concept code and a Metasploit module have been released that demonstrate the attack path.
The vendor ConnectWise released version 23.9.8 to address the issue and published a security bulletin urging immediate patching; multiple independent reports confirm that exploitation began shortly after disclosure.
The associated EPSS score has reached a peak of 0.9555 with a current value of 0.9435, indicating sustained and widespread exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-17443
Vulnerability details
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
- CWE(s)
- KEV Date Added: 22 February 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly enforces access-control policy on all paths to protected ScreenConnect functionality, blocking the alternate-channel bypass.
Requires explicit authorization, encryption, and monitoring for all remote access to the ScreenConnect server, eliminating unauthenticated entry points.
Mandates rapid installation of the vendor patch (23.9.8) that closes the authentication-bypass flaw before exploitation occurs.