Advisory Date

Overview:

The National Security Operations Centre (NSOC) is alerting the public to a cybersecurity advisory regarding two vulnerabilities affecting ConnectWise’s product ScreenConnect.

The critical vulnerability, tracked as CVE-2024-1709 (CVSS score 10) and classified as CWE-288, is under mass exploitation in the wild. It is described as an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

The second vulnerability, tracked as CVE-2024-1708 (CVSS score 8.4) and classified as CWE-22, is described as “Improper limitation of a pathname to a restricted directory ('path traversal')”. This path-traversal vulnerability may allow an attacker to execute remote code or directly impact confidential data or critical systems.

Affected versions:

ScreenConnect 23.9.7 and prior

Indicators of Compromise (IOCs):

According to the advisory released by ConnectWise, the following IP addresses were used by threat actors and have been made available by ConnectWise for protection and defense:

  • 155.133.5.15
  • 155.133.5.14
  • 118.69.65.60

Recommendations:

The NSOC urges users and administrators to take action by either blocking the above IP addresses or incorporating them into firewall rules for enhanced security. Additionally, it is advised that users and administrators read the advisory linked in the Overview section and apply the necessary patches. In accordance with best practices, both public and private sector organizations, users and administrators should patch immediately.
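Alongside blocking, existing logs can be swept for the three addresses and installed versions checked against the affected range. The following is an added example, not part of the NSOC or ConnectWise advisory: the log format and sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# IoC addresses and the last affected version, both taken from the advisory.
IOC_IPS = {ipaddress.ip_address(a)
           for a in ("155.133.5.15", "155.133.5.14", "118.69.65.60")}
LAST_AFFECTED = (23, 9, 7)

# Dotted-quad candidates. The lookbehind rejects word characters and '.', but
# allows ':' and '[', so IPv4-mapped forms such as ::ffff:a.b.c.d still match.
_QUAD = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?!\w|\.\d)")

# Constructed sample log lines (assumed format, not ScreenConnect's own).
SAMPLE_LOG = """\
2024-02-21T10:02:11Z 203.0.113.7 GET / 200
2024-02-21T10:02:15Z 155.133.5.15 GET /placeholder 200
2024-02-21T10:03:40Z [::ffff:118.69.65.60]:52311 POST /placeholder 302
2024-02-21T10:04:02Z 155.133.5.150 GET / 200
""".splitlines()


def ioc_hits(lines):
    """Return (line_number, address, line) for every log line naming an IoC."""
    hits = []
    for n, line in enumerate(lines, 1):
        for token in _QUAD.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:  # out-of-range octets such as 999.1.1.1
                continue
            if addr in IOC_IPS:
                hits.append((n, str(addr), line.rstrip()))
    return hits


def is_affected(version):
    """True if a dotted numeric ScreenConnect version is 23.9.7 or earlier."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))  # "22.10" compares as 22.10.0
    return parts <= LAST_AFFECTED


if __name__ == "__main__":
    for n, addr, line in ioc_hits(SAMPLE_LOG):
        print(f"line {n}: IoC {addr}: {line}")
    print("23.9.7 affected:", is_affected("23.9.7"))
```

Exact address parsing matters here: a plain substring search for `155.133.5.15` would also flag the unrelated `155.133.5.150` on the last sample line.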