Actively Exploited Path Traversal in ConnectWise ScreenConnect (CVE‑2024‑1708) Added to CISA KEV Catalog
What It Is — A critical path‑traversal flaw (CVE‑2024‑1708) in ConnectWise ScreenConnect allows an unauthenticated attacker to read arbitrary files on the host running the remote‑support agent. The vulnerability carries a CVSS 8.4 rating.
Exploitability — CISA’s KEV listing confirms the bug is being weaponised in the wild; proof‑of‑concept code and active exploit kits have been observed.
Affected Products — ConnectWise ScreenConnect (remote‑support client) and several Microsoft Windows components referenced in the same CISA advisory (exact Windows CVE not disclosed).
TPRM Impact — Suppliers that rely on ConnectWise for remote management expose their internal networks and customer data to third‑party compromise; downstream MSPs and their client bases inherit the risk.
Recommended Actions —
- Deploy ConnectWise’s latest patched version (or apply the vendor‑issued mitigation) immediately.
- Verify Windows systems are patched for the associated CISA‑listed flaw.
- Conduct a rapid inventory of all third‑party services using ScreenConnect and enforce MFA for remote sessions.
- Update incident‑response playbooks to include detection of abnormal file‑access patterns on affected hosts.
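As an added illustration of the detection step in the last action item (not code from the page or from ConnectWise), the following Python scans constructed request-log lines for traversal sequences that survive percent-decoding and backslash folding, and reports which would resolve outside an assumed web root; the log format, the URL paths and the root directory are all assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines (METHOD PATH STATUS); not ScreenConnect's
# real log format, and the URL layout below is an assumption, not from the page.
SAMPLE_LOG = """\
GET /App_Extensions/help/index.html 200
GET /App_Extensions/..%2f..%2fApp_Data/User.xml 200
GET /App_Extensions/%252e%252e%252f%252e%252e%252fweb.config 200
GET /App_Extensions/..\\..\\Windows\\win.ini 404
GET /Files/report.pdf?download=1 200
GET /App_Extensions/sub/../help.html 200
"""
WEB_ROOT = "/srv/app/wwwroot"  # hypothetical web root, used only for the containment check
LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

def canonicalize(raw_path: str) -> str:
    """Decode the request path the way the file system will finally see it."""
    path = raw_path.split("?", 1)[0]          # drop the query string
    for _ in range(3):                        # bounded repeat unwraps %252e double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")            # Windows hosts accept '\' as a separator

def resolve(raw_path: str, root: str = WEB_ROOT) -> str:
    """Join the canonical path onto the web root and collapse '.' and '..' segments."""
    return posixpath.normpath(posixpath.join(root, canonicalize(raw_path).lstrip("/")))

def escapes_root(raw_path: str, root: str = WEB_ROOT) -> bool:
    """True when the resolved target lies outside the web root (arbitrary file read)."""
    resolved = resolve(raw_path, root)
    return resolved != root and not resolved.startswith(root + "/")

def scan_log(log_text: str, root: str = WEB_ROOT) -> list:
    """Flag every request that still contains '..' after decoding; note which escape root."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match and ".." in canonicalize(match.group("path")):
            raw = match.group("path")
            findings.append({"path": raw, "resolved": resolve(raw, root),
                             "escapes_root": escapes_root(raw, root)})
    return findings
```

A traversal that stays inside the root (the last sample line) is still reported, since the playbook wants the attempt logged even when the read is harmless.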
Source: The Hacker News