CVE-2024-1708 Improper limitation of a pathname to a restricted directory (“path traversal”)

2024-02-2115:29:10

CWE-22

cisa-cg

github.com

cve-2024-1708

improper limitation

restricted directory

remote code execution

confidential data

critical systems

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

8 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

19.1%

JSON

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker

the ability to execute remote code or directly impact confidential data or critical systems.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ScreenConnect",
    "vendor": "ConnectWise",
    "versions": [
      {
        "changes": [
          {
            "at": "23.9.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "23.9.7 ",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]