PT-2022-23620 · Connectwise · Connectwise Screenconnect

Published: 2022-09-28 · Updated: 2024-09-16 · CVE-2022-36781

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ConnectWise ScreenConnect versions 22.6 and below

Description: In the default configuration, inadequate rate-limiting controls allow brute force attacks against custom access tokens. An attacker could gain unauthorized access by repeatedly submitting access code combinations until one is accepted, which could lead to sensitive data exposure. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks.

Recommendations: For ConnectWise ScreenConnect versions 22.6 and below, update to a version later than 22.6, which addresses the issue by implementing rate-limiting controls. As a temporary workaround until the patch is applied, configure rate-limiting controls manually to prevent brute force attacks, and restrict access to custom access tokens to minimize the risk of exploitation.
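The weakness described above is the absence of a limit on failed access-code attempts. The following is an added, generic illustration of the control the fix introduces; it is not ConnectWise code and does not describe how ScreenConnect implements its rate limiting. It assumes a hypothetical store mapping a session id to its access code, and the thresholds (5 failures per 60-second window, 300-second lockout) are constructed values for the example.

```python
import hmac
import time
from collections import defaultdict, deque

# Constructed policy values for the example, not vendor defaults.
MAX_FAILURES = 5        # failed attempts tolerated inside one window
WINDOW_SECONDS = 60     # sliding window over which failures are counted
LOCKOUT_SECONDS = 300   # how long the session refuses all attempts after the limit


class AccessCodeGate:
    """Rate-limited verifier for per-session access codes (hypothetical)."""

    def __init__(self, codes, clock=time.monotonic):
        self._codes = codes              # hypothetical store: session id -> access code
        self._clock = clock              # injectable clock so the behaviour is testable
        self._failures = defaultdict(deque)  # session id -> timestamps of recent failures
        self._locked_until = {}          # session id -> monotonic time the lockout ends
        self.events = []                 # audit trail a detection pipeline can consume

    def attempt(self, session_id, source, code):
        """Return 'ok', 'denied' or 'locked' for one access-code submission."""
        now = self._clock()
        if now < self._locked_until.get(session_id, 0.0):
            self.events.append(("locked", session_id, source))
            return "locked"

        # Drop failures that have aged out of the sliding window.
        window = self._failures[session_id]
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()

        expected = self._codes.get(session_id)
        # Constant-time comparison so timing does not leak how many characters matched.
        if expected and hmac.compare_digest(expected.encode(), code.encode()):
            window.clear()
            self._locked_until.pop(session_id, None)
            self.events.append(("success", session_id, source))
            return "ok"

        window.append(now)
        if len(window) >= MAX_FAILURES:
            # Lock the target session; a correct guess is refused until the lockout expires.
            self._locked_until[session_id] = now + LOCKOUT_SECONDS
            self.events.append(("lockout", session_id, source))
            return "locked"
        self.events.append(("failure", session_id, source))
        return "denied"


def demo():
    """Simulate a guessing run against one session and show the lockout engaging."""
    fake_now = [1000.0]
    gate = AccessCodeGate({"sess-42": "839271"}, clock=lambda: fake_now[0])  # constructed data
    # Seven sequential guesses from one source: the fifth failure triggers the lockout.
    results = [gate.attempt("sess-42", "198.51.100.7", f"{i:06d}") for i in range(7)]
    # Even the correct code is refused while the session is locked.
    correct_while_locked = gate.attempt("sess-42", "198.51.100.7", "839271")
    fake_now[0] += LOCKOUT_SECONDS + 1
    after_lockout = gate.attempt("sess-42", "198.51.100.7", "839271")
    return results, correct_while_locked, after_lockout


if __name__ == "__main__":
    results, during, after = demo()
    print("guess results:", results)
    print("correct code while locked:", during)
    print("correct code after lockout:", after)
```

The counter is keyed on the session being targeted rather than on the caller's address, because limiting per source address is defeated by rotating addresses, while limiting per session caps the total number of guesses regardless of where they originate; the trade-off is that a flood of wrong guesses temporarily locks the legitimate user out, which is why the `events` list records the source of each lockout so that the pattern can be alerted on.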

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2022-36781

Affected Products

Connectwise Screenconnect