Attacker Value

Very High

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

CVE-2024-1709

Disclosure Date: February 21, 2024 •

CVE-2024-1709 CVSS v3 Base Score: 10.0

Exploited in the Wild

Reported by cbeek-r7 and 1 more...
View Source Details

Metasploit Module

exploit/multi/http/connectwise_screenconnect_rce_cve_2024_1709

Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel

vulnerability, which may allow an attacker direct access to confidential information or

critical systems.

Add Assessment

sfewer-r7 (81)

February 22, 2024 4:54pm UTC (2 months ago)

Ratings

Attacker Value

Very High

Exploitability

Very High

Easy to weaponize Gives privileged access Unauthenticated Vulnerable in default configuration

Technical Analysis

Based on writing the Metasploit exploit module for this vulnerability, I have rated the exploitability as very high, as leveraging CVE-2203-1709 to create a new administrator account is trivial. To leverage the vulnerability to get RCE requires more steps, but it is not that complex and exploitation appears reliable. The attacker value for this vulnerability is also very high given the nature of the target software.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

10.0 Critical

Impact Score:

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Changed

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

connectwise

Products

screenconnect

Metasploit Modules

exploit/multi/http/connectwise_screenconnect_rce_cve_2024_1709 (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/connectwise_screenconnect_rce_cve_2024_1709.rb)

Exploited in the Wild

Reported by:

cbeek-r7 indicated sources as

Vendor Advisory (https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8)
News Article or Blog
Personally observed in an environment (https://www.rapid7.com/blog/post/2024/02/20/etr-high-risk-vulnerabilities-in-connectwise-screenconnect/)

Reported: February 22, 2024 11:19am UTC (2 months ago)

inokii indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/02/22/cisa-adds-one-known-exploited-vulnerability-catalog)

Reported: February 22, 2024 10:26pm UTC (2 months ago)

References

Canonical

CVE-2024-1709 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1709)

Exploit

The following exploit POCs have not been verified by Rapid7 researchers, but are sourced from: nomi-sec/PoC-in-GitHub.
Additional sources will be added here as they become relevant.
Notes: We will only add the top 3 POCs for a given CVE. POCs added here must have at least 2 GitHub stars.

ScreenConnect-AuthBypass-RCE (https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE)

CVE-2024-1709 (https://github.com/HussainFathy/CVE-2024-1709)