admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-1709.md
0xMarcio 2226095616 Update Sun May 26 16:36:09 UTC 2024
2024-05-26 16:36:09 +00:00

42 lines
2.4 KiB
Markdown
Raw Blame History

### [CVE-2024-1709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1709)
![](https://img.shields.io/static/v1?label=Product&message=ScreenConnect&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20bypass%20using%20an%20alternate%20path%20or%20channel&color=brighgreen)
### Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
### POC
#### Reference
- https://github.com/rapid7/metasploit-framework/pull/18870
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
- https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
#### Github
- https://github.com/GhostTroops/TOP
- https://github.com/HussainFathy/CVE-2024-1709
- https://github.com/Juan921030/sploitscan
- https://github.com/Ostorlab/KEV
- https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
- https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708
- https://github.com/codeb0ss/CVE-2024-1709-PoC
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/myseq/vcheck-cli
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/securitycipher/daily-bugbounty-writeups
- https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass
- https://github.com/tr1pl3ight/CVE-2024-21762-POC
- https://github.com/tr1pl3ight/CVE-2024-23113-POC
- https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://github.com/xaitax/SploitScan
Reference in New Issue View Git Blame Copy Permalink