Note: This Emerging Threat is also published in the new Fortra Security & Trust Center - the new location for all Emerging Threats beginning in January 2025. Refer to Emerging Threats Moving to Fortra.com for more information on following Emerging Threats in their new location.
Fortra’s Alert Logic is investigating two vulnerabilities in ConnectWise ScreenConnect – CVE-2024-1708 and CVE-2024-1709 – which are being actively exploited in the wild. These vulnerabilities can allow an attacker to execute remote code or directly impact confidential data or critical systems. Customers using any on-premise version of ScreenConnect below 23.9.8 are recommended to update immediately.
Who is affected?
All versions of ScreenConnect below 23.9.8 are vulnerable to CVE-2024-1708 and CVE-2024-1709.
What can I do?
For on-premise instances of ScreenConnect, customers should immediately update to version 23.9.8 or higher. Cloud instances of ScreenConnect have been automatically updated, and no additional action is required.
For more information about the fix released on version 23.9.8, refer to the ConnectWise security bulletin.
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities in addition to those listed below.
Vulnerability Scanning: Alert Logic has released unauthenticated scan coverage to detect vulnerable instances. If these vulnerabilities are found, exposures (EID: 254892 and 254938) will be raised for CVE-2024-1708 and CVE-2024-1709.
Network IDS: Alert Logic has released IDS telemetry signatures to aid in detection research.
Log Management: Alert Logic has deployed and is actively monitoring log telemetry related to known IOCs.
Updates
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click FOLLOW at the top of this article. You must be signed into the Support Center using your Alert Logic product credentials to follow this article.
Comments
0 comments
Please sign in to leave a comment.