Pierluigi Paganini February 20, 2024
ConnectWise warns of the following two critical vulnerabilities in its ScreenConnect remote desktop access product:
Both vulnerabilities were reported on February 13, 2024, through the company vulnerability disclosure channel via the ConnectWise Trust Center. The company is not aware of attacks in the wild exploiting these vulnerabilities, however, due to the higher risk of being targeted by exploits, ConnectWise recommends installing updates as emergency changes within days.
The issues impact ScreenConnect 23.9.7 and prior, below is the remediation provided in the advisory:
Cloud
There are no actions needed by the partner, ScreenConnect servers hosted in “screenconnect.com” cloud or “hostedrmm.com” have been updated to remediate the issue.
On-premise
Partners that are self-hosted or on-premise need to update their servers to version 23.9.8 immediately to apply a patch.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, ConnectWise ScreenConnect remote desktop access product)