Cyber Resilience

CVE-2024-1709

CriticalCISA KEVActive ExploitationEUVD ExploitedPublic PoCRansomware-linked

Published: 21 February 2024

Published
21 February 2024
Modified
26 February 2026
KEV Added
22 February 2024
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.9435 100.0th percentile
Risk Priority 97 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-1709 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Connectwise Screenconnect. Its CVSS base score is 10.0 (Critical).

Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and AC-3 (Access Enforcement).

Deeper analysis

ConnectWise ScreenConnect versions 23.9.7 and earlier contain an authentication bypass vulnerability that stems from improper handling of an alternate path or channel, tracked as CVE-2024-1709 and assigned CWE-288. The flaw carries a CVSS 3.1 score of 10.0, reflecting network-accessible exploitation with no required credentials or user interaction and full impact across confidentiality, integrity, and availability in a changed scope.

An unauthenticated remote attacker can leverage the bypass to obtain direct access to confidential data or critical systems, including the ability to create administrative accounts or execute arbitrary code on affected ScreenConnect servers. Public proof-of-concept code and a Metasploit module have been released that demonstrate the attack path.

The vendor ConnectWise released version 23.9.8 to address the issue and published a security bulletin urging immediate patching; multiple independent reports confirm that exploitation began shortly after disclosure.

The associated EPSS score has reached a peak of 0.9555 with a current value of 0.9435, indicating sustained and widespread exploitation interest.

EU & UK References

Vulnerability details

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

CWE(s)
KEV Date Added
22 February 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

connectwise
screenconnect
≤ 23.9.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access-control policy on all paths to protected ScreenConnect functionality, blocking the alternate-channel bypass.

prevent

Requires explicit authorization, encryption, and monitoring for all remote access to the ScreenConnect server, eliminating unauthenticated entry points.

prevent

Mandates rapid installation of the vendor patch (23.9.8) that closes the authentication-bypass flaw before exploitation occurs.

References