PT-2020-9830 · Connectwise · Connectwise Control
Matt Hamilton · Published 2020-01-23 · Updated 2020-01-28
CVE-2019-16514
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ConnectWise Control version 19.3.25270.7185
Description
An issue in ConnectWise Control allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.
Recommendations
For version 19.3.25270.7185, consider restricting access to the extension upload feature to prevent potential exploitation until a fix is available. As a temporary workaround, limit administrative user privileges to minimize the risk of uploading malicious ZIP files.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Connectwise Control