CVE-2024-1708

Name of the Vulnerable Software and Affected Versions ConnectWise ScreenConnect versions 23.9.7 and prior

Description ConnectWise ScreenConnect is affected by a path-traversal vulnerability. This issue may allow a remote attacker to execute code or impact confidential data and critical systems. Reports indicate active exploitation of this issue, with ransomware operators observed leveraging it. The vulnerability stems from improper restriction of the path name to an accessible directory. The vulnerability is actively exploited.

Recommendations Versions prior to 23.9.8 are affected. Update to version 23.9.8 or later to address this vulnerability.