Threat Brief: ConnectWise ScreenConnect Vulnerabilities
released on 2024-02-22 @ 09:26:27 AM
ConnectWise was notified of two vulnerabilities impacting their remote desktop software ScreenConnect on Feb. 13, 2024. The vulnerabilities allow for remote code execution and authentication bypass. As of Feb. 21, 2024, over 18,000 IP addresses were observed hosting vulnerable ScreenConnect software globally. The vulnerabilities are considered highly severe and likely to be exploited. Mitigation guidance recommends patching vulnerable systems as soon as possible.