CVE-2024-1708
Improper limitation of a pathname to a restricted directory (“path traversal”)
CVSS Score
8.4
EPSS Score
0.0%
EPSS Percentile
0th
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
| CWE | CWE-22 |
| Vendor | connectwise |
| Product | screenconnect |
| Published | Feb 21, 2024 |
| Last Updated | Apr 28, 2026 |
⚠️ Actively Exploited — Act Now
Get instant alerts for connectwise screenconnect
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-1708.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
ConnectWise / ScreenConnect
0 ≤ 23.9.7
References
connectwise.com: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 huntress.com: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass microsoft.com: https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1708