CVE-2024-1709 Vulnerability Details

  /     /     /  

CVE-2024-1709 Metadata Quick Info

CVE Published: 21/02/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: cisa-cg | Vendor: ConnectWise | Product: ScreenConnect
Status : PUBLISHED

---

CVE-2024-1709 Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

Metrics

CVSS Version: 3.1 | Base Score: 10 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-288
CWE Name: CWE-288 Authentication bypass using an alternate path or channel
Source: ConnectWise

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).