Unrated severityCISA KEVNVD Advisory· Published Feb 21, 2024· Updated Oct 21, 2025
Authentication bypass using an alternate path or channel
CVE-2024-1709
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Affected products
1- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- github.com/rapid7/metasploit-framework/pull/18870mitre
- techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/mitre
- www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/mitre
- www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8mitre
- www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/mitre
- www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypassmitre
- www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2mitre
- www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8mitre
- www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/mitre
News mentions
0No linked articles in our index yet.