Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-1708
CVE-2024-1708:
ScreenConnect Server vulnerability analysis and mitigation
Overview
ConnectWise ScreenConnect version 23.9.7 and prior are affected by a critical path-traversal vulnerability identified as CVE-2024-1708. The vulnerability was reported on February 13, 2024, through ConnectWise's vulnerability disclosure channel and was officially disclosed on February 19, 2024. This security flaw affects the ScreenConnect remote desktop software product, which is widely used for remote management and monitoring (Vendor Advisory, Huntress Analysis).
Technical details
The vulnerability is classified with a CVSS 3.1 base score of 8.4 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H. It is a path traversal vulnerability (CWE-22) that allows attackers to write files within the App_Extensions root directory instead of being properly restricted to their extension subdirectory. This vulnerability becomes particularly dangerous when combined with CVE-2024-1709, as it can be leveraged to achieve remote code execution on the instance (Huntress Analysis).
Impact
When exploited, the vulnerability may allow an attacker to execute remote code or directly impact confidential data and critical systems. The path traversal vulnerability enables attackers to write files anywhere within C:\Program Files (x86)\ScreenConnect\App_Extensions, potentially leading to remote code execution in certain conditions (Huntress Analysis, Vendor Advisory).
Mitigation and workarounds
ConnectWise has released version 23.9.8 to patch this vulnerability. Cloud-hosted instances on screenconnect.com and hostedrmm.com were automatically patched. On-premise users are strongly urged to upgrade to at least version 23.9.8 immediately. For partners no longer under maintenance, ConnectWise has provided a patched version 22.4.20001 as an interim solution. License restrictions have been lifted to allow all users to apply the patch regardless of license status (Vendor Advisory).
Community reactions
The cybersecurity community has responded with significant concern about these vulnerabilities. Security researchers at Huntress described the exploit as "trivial" and "embarrassingly easy." The vulnerability has led to a 47.7% decrease in exposed vulnerable instances within a week of the patch release, demonstrating the industry's swift response to the threat (Censys Report).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management