Aperçu
ConnectWise ScreenConnect versions 23.9.7 and prior contain a critical authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access to the remote access platform. The vulnerability exists due to an alternate path or channel that bypasses normal authentication mechanisms, potentially granting attackers access to confidential information and critical systems managed through ScreenConnect. La vulnérabilité a été divulguée le February 21, 2024. CISA a identifié CVE-2024-1709 comme étant exploitée et est connue pour être utilisée dans des campagnes de rançongiciel.
Détails techniques
ConnectWise ScreenConnect contains an authentication bypass vulnerability in how it handles access to certain endpoints or functionalities. The vulnerability allows attackers to circumvent the authentication mechanism by exploiting an alternate path or channel to access restricted resources. This could involve direct access to API endpoints, web interfaces, or internal functions that should require proper authentication credentials but instead are left unprotected or protected by weak validation mechanisms.
La vulnérabilité est classifiée comme CWE-287 (Improper Authentication) etCWE-306 (Missing Authentication for Critical Function) .
La vulnérabilité a reçu un score de base CVSS v3.1 de 9.8 (CRITICAL) avec la chaîne vectorielle CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indiquant sa nature critical.
Impact
Successful exploitation allows unauthenticated attackers to gain complete unauthorized access to ConnectWise ScreenConnect. This could result in: (1) Access to confidential information including customer data, session details, and system configurations; (2) Ability to control remote computers and systems managed through ScreenConnect; (3) Potential to pivot to other systems within connected networks; (4) Installation of malware or remote access trojans; (5) Lateral movement within enterprise environments. Given that ScreenConnect is used for remote access and IT management, successful exploitation has severe implications for affected organizations.
Mitigation et contournements
ConnectWise has released patched versions to address this vulnerability. Organizations should immediately upgrade to ScreenConnect version 23.9.8 or later, or to version 23.12 and subsequent releases. Visit the ConnectWise ScreenConnect download page to obtain the latest patched version for your deployment model (cloud-hosted or on-premises). Refer to ConnectWise Security Release Notes for detailed upgrade instructions specific to your environment. Les versions suivantes incluent les correctifs nécessaires : 23.9.8, 23.12.x and later.
Comme contournements temporaires : implement network-level access controls to restrict access to screenconnect to trusted ip addresses only. use firewalls, vpns, or network segmentation to limit who can reach the screenconnect interface.; disable unnecessary api endpoints or features that are not in use. review screenconnect configuration to minimize the attack surface., et monitor all authentication-related logs and connection attempts for suspicious activity. look for unauthorized access patterns or requests from unexpected sources..
Recommandation de CISA : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Ressources additionnelles
Source : Ce rapport a été généré par IA
