A critical vulnerability in ConnectWise’s ScreenConnect remote desktop access product has been widely exploited to spread ransomware and other malware.
On February 19, ConnectWise notified customers that it had released patches to address a critical authentication bypass flaw and a high-severity path traversal issue. The security flaws did not have CVE identifiers at the time. The company issued a warning the next day, stating that it had become aware of attempts to exploit in the wild.
Both vulnerabilities now have CVE identifiers: CVE-2024-1709 for the authentication bypass and CVE-2024-1708 for the path traversal bug.
Read More: ‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery
Check Out The New ITsecuritywire Podcast. For more such updates follow us on Google News ITsecuritywire News.
