ConnectWise rushes to patch critical vulnerabilities in their remote access tool


Enterprise IT software behemoth ConnectWise has issued urgent patches for two critical security flaws in its ScreenConnect remote desktop access product, warning of a high risk of in-the-wild exploitation.

Also read: The Security Risks Involved With Third-Party Remote Access

The most critical of the two bugs is classified as a “authentication bypass using an alternate path or channel” and has the highest CVSS severity score of 10/10. A second bug, identified as an incorrect limitation of a pathname to a restricted directory (“path traversal”), was also fixed and assigned a CVSS severity score of 8.4/10.

The company claims the vulnerabilities were reported a week ago via its public disclosure channel, but there is no evidence of in-the-wild exploitation.

Read More: ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.