ADVERTISEMENT

ConnectWise critical exploit, already in wild, is about to 'erupt'

A recently discovered ConnectWise level 10 CVSS vulnerability, affecting its ScreenConnect remote desktop and access software, is being exploited in the wild – and is expected to escalate in magnitude, according to researchers at Huntress Labs.

Common Vulnerability Scoring System (CVSS)

Image by Jne Valokuvaus | Shutterstock

Stefanie Schappert
Stefanie Schappert Senior Journalist
Feb 22, 2024 Updated: 22 February 2024 3 min read
ConnectWise Control
ConnectWise is a global software company and IT solutions provider. ScreenConnect (formally ConnectControl) is one of the numerous managed service provider (MSP) platforms offered to clients.

Two critical flaws

  • CWE-288 Authentication bypass using an alternate path or channel
  • CWE-22 Improper limitation of a pathname to a restricted directory (“path traversal”)

Cybersecurity powderkeg

ADVERTISEMENT
  • 155.133.5.15
  • 155.133.5.14
  • 118.69.65.60

Temporary hot-fix created

ADVERTISEMENT