High severity8.4CISA KEVNVD Advisory· Published Feb 21, 2024· Updated Apr 28, 2026
CVE-2024-1708
CVE-2024-1708
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker
the ability to execute remote code or directly impact confidential data or critical systems.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypassnvdExploitThird Party Advisory
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government ResourceThird Party Advisory
- www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8nvdVendor Advisory
- www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/nvdTechnical Description
News mentions
3- TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)SANS Internet Storm Center · May 4, 2026
- CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEVThe Hacker News · Apr 29, 2026
- CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA Alerts