PT-2020-14128 · Connectwise · Connectwise Automate

Jason Slagle

Published

2020-07-16

Updated

2020-07-24

CVE-2020-15027

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ConnectWise Automate versions prior to 2020.7 ConnectWise Automate version 2019.12 before hotfix

Description The issue is related to insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts.

Recommendations For ConnectWise Automate versions prior to 2020.7, update to version 2020.7 or later. For ConnectWise Automate version 2019.12, apply the available hotfix.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-15027

Affected Products

Connectwise Automate

PT-2020-14128 · Connectwise · Connectwise Automate

CVE-2020-15027

Weakness Enumeration

Related Identifiers

Affected Products

References · 3