8 matches found
CVE-2024-1709
CVE-2024-1709 affects ConnectWise ScreenConnect (23.9.7 and earlier). It is an Authentication Bypass Using an Alternate Path or Channel that can grant direct access to confidential information or critical systems. Multiple sources indicate active exploitation and urge patching; ConnectWise releas...
CVE-2025-3935
CVE-2025-3935 affects ScreenConnect 25.2.3 and earlier, where ViewState code injection can enable remote code execution if machine keys are compromised. The vulnerability stems from platform-level ViewState handling in ASP.NET Web Forms rather than a ScreenConnect flaw. ScreenConnect 2025.4 patch...
CVE-2024-1708
CVE-2024-1708/1709 affect ConnectWise ScreenConnect (Server 23.9.7 and earlier). A path-traversal flaw (CVE-2024-1708) may allow remote code execution; an authentication-bypass flaw (CVE-2024-1709) enables access without credentials, potentially leading to RCE. Public exploit tooling exists (e.g....
CVE-2022-36781
CVE-2022-36781 affects ConnectWise ScreenConnect versions 22.6 and below. The root cause is inadequate rate-limiting on custom access tokens in the default configuration, enabling potential brute-force attempts to gain unauthorized access to session code protections. Multiple connected sources co...
CVE-2023-47256
ConnectWise ScreenConnect (ConnectWise Control) versions through 23.8.4 are affected. Local users can connect to arbitrary relay servers due to an implicit trust of proxy settings, exposing potential bypass of proxy controls and related security boundaries. The vulnerability description is suppor...
CVE-2023-47257
CVE-2023-47257 affects ConnectWise ScreenConnect up to version 23.8.4. A remote code execution vulnerability can be leveraged by crafting messages, with a network attack vector, no privileges required, and high impact on confidentiality, integrity, and availability. Remediation is referenced in C...
CVE-2025-14265
CVE-2025-14265 (ScreenConnect) affects the ScreenConnect server component (not host/guest clients). The issue is due to insufficient server-side validation and integrity checks within the extension subsystem, allowing the installation and execution of untrusted or arbitrary extensions by authoriz...
CVE-2025-14823
The CVE-2025-14823 issue affects ConnectWise ScreenConnect’s Certificate Signing Extension. Affected: Certificate Signing Extension prior to version 1.0.12. Description across sources shows that encrypted configuration values, including an Azure Key Vault-related key, could be exposed in client r...