ConnectWise remote access software needs immediate patching, company says
IT management software company ConnectWise is urging users to update self-hosted versions of its ScreenConnect product “immediately” because of critical bugs that can allow easy intrusions by outsiders.
In its latest update to a security bulletin on the issue, the company says it has “received updates of compromised accounts that our incident response team have been able to investigate and confirm.” One of the vulnerabilities was disclosed with a CVSS score of 10, the highest possible.
ScreenConnect allows for secure remote desktop access and mobile device support. ConnectWise says the cloud-based versions of the software have been patched, but any organization running an on-premises or a self-hosted version should “immediately” update it.
Exploiting the bugs “is trivial and embarrassingly easy,” according to a blog post by cybersecurity company Huntress. Attackers can remotely execute code on a compromised network.
Cybersecurity company watchTowr also posted a proof of concept on GitHub that shows how exploitation could occur.
ConnectWise initially published an advisory, thin on details, on Monday. Huntress said that once it had recreated the exploit and attack chain, it was “too dangerous for this information to be readily available to threat actors,” but the company decided to “spill the beans” on Wednesday once other vendors published information.
The researchers summarized how an attack might occur in a 34-second video.
_Editor's Note: The Cybersecurity and Infrastructure Security Agency (CISA) added the ConnectWise bug to its list of Known Exploited Vulnerabilities on Thursday, February 22, with the number [CVE-2024-1709](https://nvd.nist.gov/vuln/detail/CVE-2024-1709)._
Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years of experience as an editor and writer in the Washington, D.C., area. He previously helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.