CVE-2024-1709 — ConnectWise ScreenConnect Authentication Bypass Vulnerability
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel.
- Published: 2024-02-21T15:36:03.960Z
- Last modified: 2025-10-21T23:05:24.008Z
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA KEV — Actively Exploited
01 What is this vulnerability?
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel.
02 Affected products
| Vendor | Product | Versions |
|---|---|---|
| ConnectWise | ScreenConnect | 0 |
03 Active exploitation status
Yes — actively exploited. Added to the CISA KEV catalog on 2024-02-22. Ransomware use: Known.
04 Recommended remediation
- Patch to a fixed version listed in the vendor advisory (see references below).
- Mitigate with WAF rules, network egress filters, or feature flags where the patch is not yet available.
- Hunt historical logs for exploitation indicators — see Detection signatures below.
05 Technical details
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
06 Detection signatures
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice.
07 Related CVEs
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.
08 Timeline
- Published: 2024-02-21T15:36:03.960Z
- Last modified: 2025-10-21T23:05:24.008Z
- Added to CISA KEV: 2024-02-22
- BOD 22-01 due: 2024-02-29
09 References
- www.connectwise.com — https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenc…
- www.huntress.com — https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenc…
- www.huntress.com — https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- www.bleepingcomputer.com — https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-a…
- github.com — https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-…
- github.com — https://github.com/rapid7/metasploit-framework/pull/18870
- www.horizon3.ai — https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-…
- techcrunch.com — https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-un…
- www.securityweek.com — https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-activ…
- www.huntress.com — https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screen…