Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws

February 27, 2024 at 11:27AM

Multiple threat actors are exploiting two recently resolved vulnerabilities in ConnectWise ScreenConnect. The flaws, tracked as CVE-2024-1709 and CVE-2024-1708, allow for authentication bypass and path traversal. ConnectWise has released patches and urged immediate updates to version 23.9.8. Trend Micro has observed various cybercrime groups exploiting the vulnerabilities for malware delivery and remote access.

The key takeaways are:

1. ConnectWise ScreenConnect remote desktop access software had two recently resolved vulnerabilities, tracked as CVE-2024-1709 and CVE-2024-1708, with respective CVSS scores of 10 and 8.4.
2. The vulnerabilities were an authentication bypass flaw and a path traversal bug, enabling threat actors to mimic the role of a system admin, delete users, and take over instances.
3. A proof-of-concept (PoC) exploit, named SlashAndGrab, was made public, leading to rapid exploitation by threat actors for malware delivery.
4. Cybercrime groups, including the Black Basta and Bl00dy ransomware groups, were observed exploiting these vulnerabilities for reconnaissance, discovery, privilege elevation, and malware delivery.
5. Trend Micro urged ConnectWise customers to update to ScreenConnect version 23.9.8 urgently, calling the update a critical security requirement for protecting systems from the identified threats.
