๐Ÿ” CVE Alert

CVE-2024-1709

CRITICAL 10.0 โš ๏ธ CISA KEV

Authentication bypass using an alternate path or channel

CVSS Score
10.0
EPSS Score
0.0%
EPSS Percentile
0th

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

CWE CWE-288
Vendor connectwise
Product screenconnect
Published Feb 21, 2024
Last Updated Oct 21, 2025
โš ๏ธ Actively Exploited โ€” Act Now

Get instant alerts for connectwise screenconnect

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-1709.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

ConnectWise / ScreenConnect
0 โ‰ค 23.9.7

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
connectwise.com: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 huntress.com: https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8 huntress.com: https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2 bleepingcomputer.com: https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/ github.com: https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc github.com: https://github.com/rapid7/metasploit-framework/pull/18870 horizon3.ai: https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/ techcrunch.com: https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/ securityweek.com: https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/ huntress.com: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709