PT-2024-13433 · Connectwise · Connectwise Screenconnect
Dennis Carlson
·
Published
2024-02-01
·
Updated
2024-02-15
·
CVE-2023-47257
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ConnectWise ScreenConnect versions through 23.8.4
Description
The issue allows man-in-the-middle attackers to achieve remote code execution via crafted messages.
Recommendations
For ConnectWise ScreenConnect versions through 23.8.4, update to a version later than 23.8.4 to resolve the issue.
At the moment, there is no information about additional mitigation measures for this specific issue.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Connectwise Screenconnect