This Alert is relevant to Australians who use ConnectWise’s ScreenConnect software on any platform. These vulnerabilities impact the version 23.9.7 and prior.
This alert is intended to be understood by all users. Customers are encouraged to patch to the latest version of ScreenConnect.
Background / What has happened?
- ConnectWise have posted a security advisory and patch to address the vulnerabilitiy in CVE-2024-1709.
- CVE-2024-1709 is a vulnerability that could allow an unauthenticated attacker to remotely run arbitrary code without user interaction via creation of a new account with administrator privileges.
- All users of ConnectWise’s ScreenConnect are encouraged to update to the patched version immediately.
- ConnectWise has confirmed active exploitation.
Affected versions / applications:
- CVE-2024-1709: This vulnerability impacts all versions of ConnectWise’s ScreenConnect from 23.9.7 and prior.
Mitigation / How do I stay secure?
- The ASD’s ACSC recommends individuals, business, organisations and government entities patch to the latest version of ScreenConnect.
- Customers who are using ScreenConnect should look for recently created administrative user accounts.
- It is currently unclear if patching will remove created administrative accounts, therefore further investigation and remediation is required.
- Indicators of compromise (IOCs) can be be found in ConnectWise’s security release.
- Further information and details to investigate potential compromise can be found in the ConnectWise’s Security release.
Assistance / Where can I go for help?
Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).