ONE BUG ALLOWED REMOTE HACKING OF 8800 SERVERS

ConnectWise has issued an urgent request for its customers to update their ScreenConnect servers. The reason is a critical vulnerability that allows authentication bypass and remote execution of arbitrary code. Cybercriminals could exploit this flaw to steal confidential data or deploy malicious programs on compromised devices. The attacks can be carried out remotely and require no user interaction.

The company has also fixed a second vulnerability, of the path traversal type, in its remote desktop access software. However, this bug can only be exploited by hackers with elevated privileges, which reduces the danger it poses.

All ScreenConnect servers running version 23.9.7 and below are at risk. The cloud ScreenConnect servers on Screenconnect.com and Hostedrm.com have already been secured, but owners of on-premises systems are urged to update to version 23.9.8 as soon as possible. Huntress researchers have already developed an exploit to bypass authentication and have identified over 8800 vulnerable systems worldwide.
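For teams working through the version guidance above, the following added example (not code from ConnectWise, Huntress, or this article) triages an asset inventory against the 23.9.8 threshold. The CSV layout, the hostnames, the four-part version string, and the status labels are assumptions constructed for illustration.

```python
import csv
import io

FIXED = (23, 9, 8)  # first fixed version named in the article
# Vendor cloud domains, spelled as they appear in the article
CLOUD_SUFFIXES = ("screenconnect.com", "hostedrm.com")

# Constructed sample inventory, not real hosts
SAMPLE_INVENTORY = """host,version
support.example.org,23.9.7
rc.example.net,23.9.8.8811
acme.screenconnect.com,23.9.7
old.example.com,22.4
lab.example.org,unknown
new.example.org,23.10.1
notscreenconnect.com,23.9.8
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    # Pad short versions so "22.4" compares as 22.4.0
    return nums + (0,) * max(0, 3 - len(nums))

def classify(host, version_text):
    host = host.strip().lower().rstrip(".")
    # Match the domain itself or a true subdomain, never a look-alike suffix
    if any(host == s or host.endswith("." + s) for s in CLOUD_SUFFIXES):
        return "vendor-hosted"
    version = parse_version(version_text)
    if version is None:
        return "verify-manually"  # unknown version: never assume patched
    # Compare major.minor.patch only; extra build components are ignored
    return "update-required" if version[:3] < FIXED else "patched"

def triage(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["host"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28} {status}")
```

Hosts reported as `verify-manually` should be checked directly on the server, since an unparseable version string says nothing about patch status.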

Just last month, CISA, the US National Security Agency, and the MS-ISAC organization issued a joint warning about the increasing use of legitimate remote monitoring and management programs, including ScreenConnect, for malicious purposes. These legitimate tools help hackers gain unauthorized access to systems with the rights of ordinary users, making it easier to bypass protective measures and break into other systems and devices.

ConnectWise first became aware of these critical vulnerabilities on February 13, 2024. The company stated, “There is no evidence that anyone has taken advantage of these vulnerabilities, but our partners using local servers should take immediate action to address the identified risks.”

/Reports, release notes, official announcements.