Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

ConnectWise fixed critical flaws in ScreenConnect remote access tool

ConnectWise addressed two critical vulnerabilities in its ScreenConnect remote desktop access product and urges customers to install the patches asap. ConnectWise warns of the following two critical vulnerabilities in its ScreenConnect remote desktop access product: Both vulnerabilities were reported on February 13, 2024, through the company vulnerability disclosure channel via the ConnectWise Trust Center. The […]

connectwise

ConnectWise addressed two critical vulnerabilities in its ScreenConnect remote desktop access product and urges customers to install the patches asap.

ConnectWise warns of the following two critical vulnerabilities in its ScreenConnect remote desktop access product:

  • CWE-288 Authentication bypass using an alternate path or channel (CVSS score 10)
  • CWE-22 Improper limitation of a pathname to a restricted directory (“path traversal”)  (CVSS score 8.4)

Both vulnerabilities were reported on February 13, 2024, through the company vulnerability disclosure channel via the ConnectWise Trust Center. The company is not aware of attacks in the wild exploiting these vulnerabilities, however, due to the higher risk of being targeted by exploits, ConnectWise recommends installing updates as emergency changes within days.  

The issues impact ScreenConnect 23.9.7 and prior, below is the remediation provided in the advisory:

Cloud 

There are no actions needed by the partner, ScreenConnect servers hosted in “screenconnect.com” cloud or “hostedrmm.com” have been updated to remediate the issue.  

On-premise 

Partners that are self-hosted or on-premise need to update their servers to version 23.9.8 immediately to apply a patch. 

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, ConnectWise ScreenConnect remote desktop access product)