Lucene search
K

19 matches found

Nuclei
Nuclei
added 21 hours ago77 views

ConnectWise ScreenConnect 23.9.7 - Authentication Bypass

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. id: CVE-2024-1709 info: name: ConnectWise ScreenConnect 23.9.7 -...

10CVSS7.1AI score0.99959EPSS
Exploits8References5
GithubExploit
GithubExploit
added 2024/10/16 8:5 a.m.337 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Connectwise Screenconnect

Mass-CVE-2024-1709 Original: https://github.com/W01fh4cker/S...

10CVSS9.8AI score0.99959EPSS
Exploits8
The Hacker News
The Hacker News
added 2024/03/22 11:28 a.m.59 views

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its...

10CVSS9.3AI score0.99999EPSS
Exploits48
The Hacker News
The Hacker News
added 2024/03/05 4:18 p.m.74 views

Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware

North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark...

10CVSS9.4AI score0.99959EPSS
Exploits9
Rapid7 Blog
Rapid7 Blog
added 2024/03/01 8:0 p.m.45 views

Metasploit Weekly Wrap-Up 03/01/2024

Connect the dots from authentication bypass to remote code execution This week, our very own sfewer-r7 added a new exploit module that leverages an authentication bypass vulnerability in ConnectWise ScreenConnect to achieve remote code execution. This vulnerability, CVE-2024-1709, affects all...

7.5CVSS9AI score0.99959EPSS
Exploits8
hivepro
hivepro
added 2024/02/27 7:44 a.m.37 views

Attacks, Vulnerabilities and Actors 19 to 25 February 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of fifteen attacks were executed, five vulnerabilities were uncovered, and five active adversaries...

7.5CVSS8AI score0.99959EPSS
Exploits9
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/02/27 12:0 a.m.39 views

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry...

10CVSS7.4AI score0.99959EPSS
Exploits9
Metasploit
Metasploit
added 2024/02/24 7:50 p.m.665 views

ConnectWise ScreenConnect Unauthenticated Remote Code Execution

This module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve RCE by uploading a malicious extension module. All versions of...

8.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/23 1:37 p.m.45 views

Update now! ConnectWise ScreenConnect vulnerability needs your attention

ConnectWise is warning self-hosted and on-premise customers that they need to take immediate action to remediate a critical vulnerability in its ScreenConnect remote desktop software. This software is typically used in data-centers and for remote assistance. Together ConnectWise’s partners manage...

7.5CVSS8.8AI score0.99959EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2024/02/22 12:0 a.m.54 views

ConnectWise ScreenConnect Service < 23.9.8 Multiple Vulnerabilities

According to its version, the ConnectWise ScreenConnect Service remote access software installed on the remote Windows host is prior to 23.9.8. It is, therefore affected by multiple vulnerabilities: - A path-traversal vulnerability which may allow an attacker the ability to execute remote code or...

10CVSS7.7AI score0.99959EPSS
Exploits9References3
Circl
Circl
added 2024/02/21 5:22 p.m.14 views

CVE-2024-1709

creationtimestamp| type| source ---|---|--- 2024-02-21 17:22:11+00:00| seen| https://t.me/ctinow/189798 2024-02-21 17:31:31+00:00| seen| https://t.me/ctinow/189812 2024-02-21 18:52:29+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6653 2024-02-22 03:16:53+00:00| seen|...

10CVSS7.1AI score0.99959EPSS
In wildExploits8References61
NVD
NVD
added 2024/02/21 4:15 p.m.25 views

CVE-2024-27215

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1709. Reason: This candidate is a duplicate of CVE-2024-1709. Notes: All CVE users should reference CVE-2024-1709 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

9.7AI score
Exploits7
Prion
Prion
added 2024/02/21 4:15 p.m.22 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1709. Reason: This candidate is a duplicate of CVE-2024-1709. Notes: All CVE users should reference CVE-2024-1709 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

7.2AI score0.99959EPSS
Exploits9
Vulnrichment
Vulnrichment
added 2024/02/21 3:36 p.m.23 views

CVE-2024-1709 Authentication bypass using an alternate path or channel

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems...

10CVSS6.9AI score0.99959EPSS
Exploits8References10
CVE
CVE
added 2024/02/21 3:36 p.m.737 views

CVE-2024-1709

CVE-2024-1709 affects ConnectWise ScreenConnect (23.9.7 and earlier). It is an Authentication Bypass Using an Alternate Path or Channel that can grant direct access to confidential information or critical systems. Multiple sources indicate active exploitation and urge patching; ConnectWise releas...

10CVSS8.6AI score0.99959EPSS
In wildExploits8References11Affected Software1
Cvelist
Cvelist
added 2024/02/21 3:36 p.m.33 views

CVE-2024-1709 Authentication bypass using an alternate path or channel

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems...

10CVSS9.5AI score0.99959EPSS
Exploits8References10
GithubExploit
GithubExploit
added 2024/02/21 9:42 a.m.285 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Connectwise Screenconnect

How to use I'm using Python3.9 pip install requests...

10CVSS9.6AI score0.99959EPSS
Exploits9
GithubExploit
GithubExploit
added 2024/02/21 5:40 a.m.90 views

Exploit for Path Traversal in Connectwise Screenconnect

CVE-2024-1708 and CVE-2024-1709 A Proof of Concept developed...

10CVSS7.9AI score0.99959EPSS
Exploits9
ATTACKERKB
ATTACKERKB
added 2024/02/21 12:0 a.m.138 views

CVE-2024-1709

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. Recent assessments: sfewer-r7 at February 22, 2024 4:54pm UTC reported:...

10CVSS9.4AI score0.99959EPSS
In wildExploits8References11
Rows per page
Query Builder