mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
3.2 KiB
3.2 KiB
CVE-2024-1709
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
POC
Reference
- https://github.com/rapid7/metasploit-framework/pull/18870
- https://github.com/rapid7/metasploit-framework/pull/18870
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
- https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
Github
- https://github.com/GhostTroops/TOP
- https://github.com/HussainFathy/CVE-2024-1709
- https://github.com/Juan921030/sploitscan
- https://github.com/Ostorlab/KEV
- https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
- https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708
- https://github.com/codeb0ss/CVE-2024-1709-PoC
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/myseq/vcheck-cli
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/securitycipher/daily-bugbounty-writeups
- https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass
- https://github.com/tr1pl3ight/CVE-2024-21762-POC
- https://github.com/tr1pl3ight/CVE-2024-23113-POC
- https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://github.com/xaitax/SploitScan