← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-1709 — Actively Exploited: ScreenConnect (ConnectWise)

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

CVE IDCVE-2024-1709
VendorConnectWise
ProductScreenConnect
Vulnerability nameConnectWise ScreenConnect Authentication Bypass Vulnerability
Date added2024-02-22
Remediation due2024-02-29
Known ransomware useKnown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →