CVE-2023-47256: 
ScreenConnect Server vulnerability analysis and mitigation

ConnectWise ScreenConnect, a widely used remote support and remote administration tool, was found to contain a critical vulnerability (CVE-2023-47256) affecting versions through 23.8.4. The vulnerability allows local users to connect to arbitrary relay servers by exploiting the implicit trust of proxy settings. This vulnerability was discovered by Dennis Carlson at Gotham Security on October 30th and was subsequently patched by ConnectWise in version 23.8.5 (Gotham Security, Vendor Advisory).

The vulnerability exists in the proxy configuration handling of the ScreenConnect client. When no other connections to the relay server are functional, the system attempts to enumerate through active user sessions and connect using their proxy configurations. The client saves the first functional user proxy to its configuration file as the DiscoveredProxyUri value, which becomes one of the first proxy URIs attempted in subsequent connections. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating local access requirements but high impact on integrity (NVD).

The vulnerability allows non-privileged local users to manipulate the system's proxy settings, potentially redirecting connections to malicious relay servers. When chained with CVE-2023-47257, this vulnerability could lead to Local Privilege Escalation (LPE) and Remote Code Execution (RCE) as 'NT AUTHORITY\System' on Windows systems (Gotham Security).

ConnectWise has released version 23.8.5 to address this vulnerability. For cloud instances, automatic updates are being rolled out on a schedule, but administrators can manually force the update through cloud.screenconnect.com. On-premise installations should upgrade to ScreenConnect version 23.8.5 and update their guest clients to the same version. Automate partners with ConnectWise ScreenConnect should check for new builds through the Plugin (Vendor Advisory).