Enterprise IT software behemoth ConnectWise has issued urgent patches for two critical security flaws in its ScreenConnect remote desktop access product, warning of a high risk of in-the-wild exploitation.
Also read: The Security Risks Involved With Third-Party Remote Access
The most critical of the two bugs is classified as a “authentication bypass using an alternate path or channel” and has the highest CVSS severity score of 10/10. A second bug, identified as an incorrect limitation of a pathname to a restricted directory (“path traversal”), was also fixed and assigned a CVSS severity score of 8.4/10.
The company claims the vulnerabilities were reported a week ago via its public disclosure channel, but there is no evidence of in-the-wild exploitation.
Read More: ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
