Lucene search

K
cvelistCisa-cgCVELIST:CVE-2024-1708
HistoryFeb 21, 2024 - 3:29 p.m.

CVE-2024-1708 Improper limitation of a pathname to a restricted directory (“path traversal”)

2024-02-2115:29:10
CWE-22
cisa-cg
www.cve.org
cve-2024-1708
connectwise screenconnect
path-traversal
vulnerability
remote code execution
confidential data
critical systems

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.0%

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker

the ability to execute remote code or directly impact confidential data or critical systems.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ScreenConnect",
    "vendor": "ConnectWise",
    "versions": [
      {
        "changes": [
          {
            "at": "23.9.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "23.9.7 ",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.0%