CASE: AUTHENTICATION BYPASS & REMOTE CODE EXECUTION IN CONNECTWISE SCREENCONNECT

SUMMARY

A critical security issue was recently identified in ConnectWise ScreenConnect. If abused, the flaw may enable an unauthenticated attacker to bypass the authentication and execute remote code or directly impact confidential data or critical systems.

RECOMMENDATIONS

ConnectWise recommends partners update their ScreenConnect to version 23.9.8. ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue but strongly recommends that partners update to ScreenConnect version 23.9.8.

WHAT WE ARE DOING

DIVD is currently working to identify vulnerable instances and notify the owners of these systems.

MORE INFORMATION