{"id":24044,"date":"2024-02-28T11:10:38","date_gmt":"2024-02-28T19:10:38","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/02\/28\/news-17774\/"},"modified":"2024-02-28T11:10:38","modified_gmt":"2024-02-28T19:10:38","slug":"news-17774","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/02\/28\/news-17774\/","title":{"rendered":"Update now! ConnectWise ScreenConnect vulnerability needs your attention"},"content":{"rendered":"\n<p>ConnectWise is <a href=\"https:\/\/www.connectwise.com\/company\/trust\/security-bulletins\/connectwise-screenconnect-23.9.8\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">warning<\/a> self-hosted and on-premise customers that they need to take immediate action to remediate a critical vulnerability in its ScreenConnect remote desktop software. This software is typically used in data-centers and for remote assistance. Together ConnectWise\u2019s partners manage millions of endpoints (clients).<\/p>\n<p>A Shadowserver scan revealed approximately 3,800 vulnerable ConnectWise ScreenConnect instances on Wednesday, most of them in the US.<\/p>\n<figure class=\"wp-block-embed aligncenter is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">~3800 vulnerable ConnectWise ScreenConnect instances (authentication bypass using an alternate path or channel (CVSS 10) &amp; path traversal (CVSS 8.4)) <a href=\"https:\/\/t.co\/tPi9ALNVab\">https:\/\/t.co\/tPi9ALNVab<\/a><\/p>\n<p>IP data in:<a href=\"https:\/\/t.co\/qxv0Gv5ELc\">https:\/\/t.co\/qxv0Gv5ELc<\/a><\/p>\n<p>~93% instances of ScreenConnect seen on 2024-02-20 still vulnerable: <a href=\"https:\/\/t.co\/CRpEHutjFS\">https:\/\/t.co\/CRpEHutjFS<\/a> <a href=\"https:\/\/t.co\/hiwPqnouby\">pic.twitter.com\/hiwPqnouby<\/a><\/p>\n<p>&mdash; Shadowserver (@Shadowserver) <a 
href=\"https:\/\/twitter.com\/Shadowserver\/status\/1760229390082847029?ref_src=twsrc%5Etfw\">February 21, 2024<\/a><\/p><\/blockquote><\/div>\n<\/figure>\n<p>The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/02\/22\/cisa-adds-one-known-exploited-vulnerability-catalog\">Known Exploited Vulnerabilities Catalog<\/a>. ConnectWise has shared three IP addresses that were recently used by threat actors:<\/p>\n<ul>\n<li>155.133.5.15<\/li>\n<li>155.133.5.14<\/li>\n<li>118.69.65.60<\/li>\n<\/ul>\n<p>These IP addresses are all blocked by ThreatDown and Malwarebytes solutions.<\/p>\n<p>The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The flaw added to the CISA Catalog is <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-1709\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-1709<\/a>, an authentication bypass vulnerability with a CVSS score of 10 that could allow an attacker administrative access to a compromised instance. With administrative access it is trivial to create and upload a malicious ScreenConnect extension to gain Remote Code Execution (RCE).<\/p>\n<p>Affected versions are ScreenConnect 23.9.7 and prior. Cloud partners don\u2019t need to take any action. ScreenConnect servers hosted on screenconnect.com and hostedrmm.com have been updated to remediate the issue.<\/p>\n<p>Partners that are self-hosted or on-premise need to update their servers to version 23.9.8 immediately to apply a patch. 
ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommends that partners update to ScreenConnect version 23.9.8.<\/p>\n<p>For instructions on updating to the newest release, please reference this doc:&nbsp;<a href=\"https:\/\/docs.connectwise.com\/ConnectWise_ScreenConnect_Documentation\/On-premises\/Get_started_with_ConnectWise_ScreenConnect_On-Premise\/Upgrade_an_on-premises_installation\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Upgrade an on-premise installation &#8211; ConnectWise<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/02\/update-now-connectwise-screenconnect-vulnerability-needs-your-attention\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> ConnectWise customers need to take immediate action to remediate a critical vulnerability. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[27210,30929,22783,32,21594,10467],"class_list":["post-24044","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-connectwise","tag-cve-2024-1709","tag-exploits-and-vulnerabilities","tag-news","tag-screenconnect","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24044"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24044\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}