Cyber Security News

ScreenConnect Security Flaw Let Attackers Bypass Authentication

In a critical security advisory, ConnectWise has alerted users of its ScreenConnect remote access software to patch their systems immediately due to two severe vulnerabilities discovered in versions 23.9.7 and earlier.

These vulnerabilities, identified as CWE-288 and CWE-22, allow for authentication bypass and path traversal, posing a significant risk to the integrity and security of affected systems.


ScreenConnect Security Flaw

The first vulnerability, CWE-288, enables attackers to bypass authentication mechanisms using an alternate path or channel; it received the highest severity score of 10.

This flaw could allow unauthorized access to the system, potentially leading to further exploitation.

The second vulnerability, CWE-22, involves improper limitation of a pathname to a restricted directory, known as ‘path traversal,’ with a base score of 8.4.

This issue could allow attackers to access files or directories outside the specified location, compromising the system’s security.

ScreenConnect is widely used for remote access by organizations globally, making these vulnerabilities particularly concerning due to the potential for attackers to exploit vulnerable instances and push ransomware or other malicious payloads to downstream clients.

This risk is especially acute for managed service providers (MSPs) or managed security services providers (MSSPs) who use ScreenConnect to manage client environments remotely.

Shodan has reported that over 7,900 connected servers are running vulnerable versions of ScreenConnect.

Mitigation and Response

ConnectWise has taken immediate action to address these vulnerabilities by releasing version 23.9.8 of ScreenConnect, which patches these critical security flaws.

Cloud users of ScreenConnect do not need to take any action, as cloud instances have been automatically updated to the latest secure version.

However, on-premise users are strongly urged to update their servers to version 23.9.8 immediately to mitigate the risks posed by these vulnerabilities.

Security researchers at Huntress and Rapid7 have echoed the urgency of applying these patches, with Huntress successfully creating and validating a proof-of-concept exploit for the vulnerabilities.

Over 8,800 servers were reported as running a vulnerable version, highlighting the widespread potential impact.

Indicators of compromise

IOCs: 

  • 155.133.5.15
  • 155.133.5.14
  • 118.69.65.60
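A defender-side triage sketch for the two checks this article implies, added here as an example and not taken from ConnectWise, Huntress or Rapid7: flag on-premise servers reporting a version below 23.9.8, and search access logs for the three addresses listed above. The function names, host names, build numbers and log format are assumptions made for illustration.

```python
import ipaddress
import re

FIXED_VERSION = (23, 9, 8)  # first patched release named in the article
IOC_IPS = {ipaddress.ip_address(a)  # the three addresses listed above
           for a in ("155.133.5.15", "155.133.5.14", "118.69.65.60")}
# Dotted quad that is not part of a longer number or dotted string.
IPV4_TOKEN = re.compile(r"(?<!\d)(?<!\d\.)(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


def parse_version(text):
    """Turn '23.9.7.1' into (23, 9, 7, 1); raise ValueError on junk."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def needs_patch(version_text):
    """True if an on-premise server reports a version below 23.9.8."""
    # Compare major.minor.patch only; a trailing build number is ignored.
    return parse_version(version_text)[:3] < FIXED_VERSION


def ioc_hits(log_lines):
    """Return (line_number, address) for each IOC address seen in the log."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for token in IPV4_TOKEN.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if addr in IOC_IPS:
                hits.append((n, token))
    return hits


# Constructed sample data: hypothetical host names, builds and log format.
SAMPLE_INVENTORY = [("sc-onprem-01", "23.9.7.1"), ("sc-onprem-02", "23.9.8.1")]
SAMPLE_LOG = ['155.133.5.15 - - "GET /placeholder HTTP/1.1" 200',
              '155.133.5.150 - - "GET / HTTP/1.1" 200',  # near miss, no hit
              '10.0.0.7 - - "GET / HTTP/1.1" 200 fwd=118.69.65.60']

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY:
        print(host, version, "UPDATE" if needs_patch(version) else "ok")
    for n, address in ioc_hits(SAMPLE_LOG):
        print(f"log line {n}: IOC address {address}")
```

Matching whole address tokens rather than substrings keeps 155.133.5.150 from being reported as a hit for 155.133.5.15.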


Dhivya

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
