admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-1709.md
0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00

50 lines
3.2 KiB
Markdown
Raw Blame History

### [CVE-2024-1709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1709)
![](https://img.shields.io/static/v1?label=Product&message=ScreenConnect&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20bypass%20using%20an%20alternate%20path%20or%20channel&color=brighgreen)
### Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
### POC
#### Reference
- https://github.com/rapid7/metasploit-framework/pull/18870
- https://github.com/rapid7/metasploit-framework/pull/18870
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
- https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
- https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
- https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
- https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
#### Github
- https://github.com/GhostTroops/TOP
- https://github.com/HussainFathy/CVE-2024-1709
- https://github.com/Juan921030/sploitscan
- https://github.com/Ostorlab/KEV
- https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
- https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708
- https://github.com/codeb0ss/CVE-2024-1709-PoC
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/myseq/vcheck-cli
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/securitycipher/daily-bugbounty-writeups
- https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass
- https://github.com/tr1pl3ight/CVE-2024-21762-POC
- https://github.com/tr1pl3ight/CVE-2024-23113-POC
- https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- https://github.com/xaitax/SploitScan
Reference in New Issue View Git Blame Copy Permalink