mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
2.5 KiB
2.5 KiB
CVE-2024-1709
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
POC
Reference
- https://github.com/rapid7/metasploit-framework/pull/18870
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
- https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
Github
- https://github.com/GhostTroops/TOP
- https://github.com/HussainFathy/CVE-2024-1709
- https://github.com/Juan921030/sploitscan
- https://github.com/Ostorlab/KEV
- https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
- https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708
- https://github.com/codeb0ss/CVE-2024-1709-PoC
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/k3ppf0r/2024-PocLib
- https://github.com/myseq/vcheck-cli
- https://github.com/nitish778191/fitness_app
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/securitycipher/daily-bugbounty-writeups
- https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass
- https://github.com/tr1pl3ight/CVE-2024-21762-POC
- https://github.com/tr1pl3ight/CVE-2024-23113-POC
- https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://github.com/xaitax/SploitScan