Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited (www.infosecurity-magazine.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 23 Feb 2024 11:25
https://sh.itjust.works/post/15074489

IT administrators are urged to immediately patch on-premises ScreenConnect servers due to active exploitation of a critical vulnerability, CVE-2024-1709, with a maximum CVSS score of 10.0. This authentication bypass bug allows for arbitrary code execution and sensitive data access without user interaction. ConnectWise, the software’s developer, also disclosed a path traversal vulnerability, CVE-2024-1708, with a CVSS score of 8.4. While cloud instances have been updated, on-premises installations require manual patching. The vulnerabilities pose significant risks, with potential for ransomware attacks, especially given the software’s widespread use and the trust placed in remote access tools.

#cybersecurity
