ConnectWise ScreenConnect Authentication Bypass Vulnerability
ConnectWise ScreenConnect (formerly ScreenConnect) versions prior to 23.9.8 contain an authentication bypass vulnerability that allows an unauthenticated attacker to execute arbitrary commands on the server and gain unauthorized access to the application.

This section explains the vulnerability in everyday language, so anyone can understand the risk and impact.
ConnectWise ScreenConnect is a remote access tool that companies use to provide technical support and manage computers from afar. A very serious security flaw was discovered that lets attackers completely bypass the login system and take control of the server running ScreenConnect.
This is particularly dangerous because an attacker doesn't need any password or username; they can simply exploit this flaw to gain full access to the system. This could let them control any computer that's connected to the ScreenConnect server, potentially affecting thousands of businesses that use this software for remote support.
Affected Products
Remediation
1. Immediately upgrade to ScreenConnect version 23.9.8 or later
2. If immediate upgrade is not possible, disconnect the ScreenConnect server from the internet
3. Monitor systems for unauthorized access or suspicious activity
4. Reset all authentication credentials after upgrading
Sources & References
- ConnectWise Advisory (vendor)
- CISA KEV Catalog (advisory)