UPDATE: Read our full analysis of CVE-2024-1709 & CVE-2024-1708 and detection guidance here.

UPDATE: We have proactively deployed a temporary hotfix to over 1000 vulnerable systems managed by Huntress. It's crucial people still update to the latest official version ASAP. During research and creation of a Proof-of-Concept exploit to validate the vulnerability, Huntress identified a way to temporarily hot-fix vulnerable systems while administrators work to patch their systems.

UPDATE:  Detection guidance from Huntress has been issued.

Huntress security researchers successfully created and validated a proof-of-concept exploit for the vulnerabilities referenced to in the latest February 19 ConnectWise ScreenConnect advisory. 

1. CWE-288 “Authentication bypass using an alternate path or channel,” base score of 10, and
2. CWE-22 “Improper limitation of a pathname to a restricted directory (‘path traversal’),” base score of 8.4

The ConnectWise article indicates the severity as “critical—vulnerabilities that could allow the ability to execute remote code or directly impact confidential data or critical systems.” 

Huntress is in complete agreement with this assessment. They state there is no knowledge of any in-the-wild exploitation, and for this reason, we will not yet share any further details on this threat.

As of 07:00 AM EST, over 8,800 servers are shown as running a vulnerable version on the Censys.io platform.

For Cloud users of ScreenConnect, no action is required on your part—cloud instances have been automatically updated to the latest secure version.

For on-premise users, we offer our strongest recommendation to patch and update to ScreenConnect version 23.9.8 immediately. 

We encourage customers and partners to reach out if they need assistance. If you are not currently using Huntress EDR, sign up for a free trial, and Huntress will monitor for any related activity.