What is the Vulnerability?
On February 19, 2024, ConnectWise published a security advisory for their remote desktop application software called ScreenConnect. One of the flaws, CVE-2024-1709 is an authentication bypass vulnerability that could let attackers gain administrative access to a ScreenConnect instance. That vulnerability has a public proof-of-concept (PoC) available and recently been added to CISA’s known exploited catalog. The second flaw tracked as CVE-2024-1708 is a path traversal vulnerability that may allow an attacker to execute remote code.
What is the Vendor Solution?
ConnectWise has released a patch covering both vulnerabilities. [ Link ]
What FortiGuard Coverage is available?
FortiGuard Labs is currently investigating related protections and will update as soon as they are available.
FortiGuard Labs recommends companies to apply the most recent upgrade or patch from the vendor as soon as possible.