PT-2024-1800 · Connectwise · Connectwise Screenconnect

Published 2024-02-21 · Updated 2026-05-12 · CVE-2024-1708

CVSS v3.1 8.4 High

Vector AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ConnectWise ScreenConnect versions prior to 23.9.8

Description

A path traversal flaw exists due to improper restriction of directory path names. This allows a remote attacker to bypass directory restrictions, potentially enabling the upload of malicious extensions to achieve remote code execution. Such exploitation can directly impact critical systems and confidential data. There are confirmed real-world incidents of active exploitation, where attackers have used this issue for privilege escalation and lateral movement across connected systems.

Recommendations

Update to a version newer than 23.9.7. Review logs and rotate credentials to mitigate risks from potential prior compromise.

Exploit · Fix · RCE · LPE · Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-01532
CVE-2024-1708

Affected Products

Connectwise Screenconnect