Unrated severityCISA KEVNVD Advisory· Published Feb 21, 2024· Updated Oct 21, 2025
Authentication bypass using an alternate path or channel
CVE-2024-1709
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=23.9.7+ 1 more
- (no CPE)range: <=23.9.7
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
9- github.com/rapid7/metasploit-framework/pull/18870mitre
- techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/mitre
- www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/mitre
- www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8mitre
- www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/mitre
- www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypassmitre
- www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2mitre
- www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8mitre
- www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/mitre
News mentions
2- Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersectTenable Blog · May 27, 2026
- CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEVThe Hacker News · Apr 29, 2026