Name of the Vulnerable Software and Affected Versions:

ConnectWise ScreenConnect versions 23.9.7 and prior

Description:

The vulnerability is an authentication bypass using an alternate path or channel, which may allow an attacker direct access to confidential information or critical systems. This issue has been exploited in real-world attacks, with threat actors using it to deploy ransomware and steal information. The estimated number of potentially affected devices worldwide is not specified, but it is known that hundreds of initial access brokers and cybercrime gangs are exploiting this vulnerability, threatening organizations and downstream customers. Technical details about exploitation include the use of an alternate path or channel to bypass authentication, potentially allowing attackers to create admin accounts, delete other users, and take over vulnerable instances.

Recommendations:

To resolve the issue for ConnectWise ScreenConnect versions 23.9.7 and prior, update to the patched version immediately. As a temporary workaround, consider restricting access to the vulnerable software until a patch is applied. Additionally, enabling multi-factor authentication (MFA) can help minimize the risk of exploitation. It is also recommended to apply mitigations to protect organizations from cyberattacks, such as those suggested by CISA.