ScreenConnect Security Flaw Let Attackers Bypass Authentication
In a critical security advisory, ConnectWise has alerted customers of its ScreenConnect remote access software to patch their systems immediately because of two critical vulnerabilities present in versions 23.9.7 and earlier.
These vulnerabilities, identified as CWE-288 and CWE-22, allow authentication bypass and path traversal, posing a significant risk to the integrity and security of affected systems.
ScreenConnect Security Flaw
The first vulnerability, CWE-288, enables attackers to bypass authentication mechanisms using an alternate path or channel, and received the highest severity score of 10.
This flaw could allow unauthorized access to the system, potentially leading to further exploitation.
The second vulnerability, CWE-22, involves improper limitation of a pathname to a restricted directory, known as 'path traversal,' with a base score of 8.4.
This issue could allow attackers to access files or directories outside the specified location, compromising the system's security.
ScreenConnect is widely used for remote access by organizations globally, making these vulnerabilities particularly concerning because of the potential for attackers to exploit vulnerable instances and push ransomware or other malicious payloads to downstream clients.
This risk is especially acute for managed service providers (MSPs) or managed security services providers (MSSPs) who use ScreenConnect to manage client environments remotely.
Shodan has reported that over 7,900 connected servers are running versions of ScreenConnect that are vulnerable.
Mitigation and Response
ConnectWise has taken immediate action to address these vulnerabilities by releasing version 23.9.8 of ScreenConnect, which patches these critical security flaws.
Cloud customers of ScreenConnect do not need to take any action, as cloud instances have been automatically updated to the latest stable version.
However, on-premise customers are strongly urged to update their servers to version 23.9.8 immediately to mitigate the risks posed by these vulnerabilities.
Security researchers at Huntress and Rapid7 have echoed the urgency of applying these patches, with Huntress successfully creating and validating a proof-of-concept exploit for the vulnerabilities.
Over 8,800 servers have been reported as running a vulnerable version, highlighting the current potential impact.
Indicators of compromise
IOCs:
- 155.133.5.15
- 155.133.5.14
- 118.69.65.60
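
A triage sketch for the guidance above, added here as an example and not taken from ConnectWise, Huntress or the original article: it flags versions older than 23.9.8 by numeric comparison and finds exact matches for the three listed addresses in log lines. The log format, the sample lines and all function names are constructed assumptions.

```python
import ipaddress
import re

# Values taken from the article: first fixed release and the listed IOC addresses.
FIXED_VERSION = (23, 9, 8)
IOC_IPS = {ipaddress.ip_address(a)
           for a in ("155.133.5.15", "155.133.5.14", "118.69.65.60")}

# Dotted-quad candidates. The lookarounds keep a match from being cut out of a
# longer run (155.133.5.150 must not count as 155.133.5.15), while still
# accepting a trailing ":port" or a sentence-ending full stop.
_IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


def parse_version(text):
    """Turn '23.9.7' into (23, 9, 7) so components compare as numbers."""
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable(version_text):
    """True for 23.9.7 and earlier. String comparison would wrongly rank
    '23.9.10' below '23.9.8'; tuple comparison does not."""
    return parse_version(version_text)[:3] < FIXED_VERSION


def ioc_hits(lines):
    """Return (line_number, ip) for each exact IOC address seen in the lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for candidate in _IPV4.findall(line):
            try:
                address = ipaddress.ip_address(candidate)
            except ValueError:  # not a valid IPv4 address, e.g. 999.1.1.1
                continue
            if address in IOC_IPS:
                hits.append((number, str(address)))
    return hits


# Constructed sample lines in a hypothetical format, not ScreenConnect's own.
SAMPLE_LOG = [
    "2024-01-01T10:02:11Z login ok src=203.0.113.7",
    "2024-01-01T10:04:40Z request src=155.133.5.15:50122",
    "2024-01-01T10:05:02Z request src=155.133.5.150",  # near miss, not an IOC
    "2024-01-01T10:06:19Z last seen peer was 118.69.65.60.",
]

if __name__ == "__main__":
    print("23.9.7 vulnerable:", is_vulnerable("23.9.7"))
    print("IOC hits:", ioc_hits(SAMPLE_LOG))
```

A hit is a lead for investigation, and an empty result does not show that a server was never reached from other addresses.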
Source credit : cybersecuritynews.com