High severity8.4CISA KEVNVD Advisory· Published Feb 21, 2024· Updated Apr 28, 2026
CVE-2024-1708
CVE-2024-1708
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker
the ability to execute remote code or directly impact confidential data or critical systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*range: <23.9.8
- (no CPE)range: <=23.9.7
Patches
Vulnerability mechanics
References
4- www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypassnvdExploitThird Party Advisory
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government ResourceThird Party Advisory
- www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8nvdVendor Advisory
- www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/nvdTechnical Description
News mentions
4- Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersectTenable Blog · May 27, 2026
- TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)SANS Internet Storm Center · May 4, 2026
- CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEVThe Hacker News · Apr 29, 2026
- CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA Alerts