CVE-2024-1708

Published Feb 21, 2024

Last updated a month ago

Exploit knownCVSS high 8.4
VDI
Cloud
Network
Zero-day
Port (443)

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-1708 is a path traversal vulnerability affecting ConnectWise ScreenConnect versions up to 23.9.7. This flaw allows an attacker to manipulate file paths, potentially gaining unauthorized access to files or directories located outside the intended restricted directory. Specifically, it is described as a "Zip Slip" vulnerability within the ScreenConnect extension handling mechanism, where vulnerable versions failed to properly validate filenames within a zip archive during extension uploads. This manipulation could lead to remote code execution or compromise sensitive data and critical systems. It is often exploited in conjunction with CVE-2024-1709, an authentication bypass vulnerability.

Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
Source
9119a7d8-5eab-497f-8521-727c672e3725
NVD status
Analyzed
Products
screenconnect

Risk scores

CVSS 3.1

Type
Primary
Base score
8.4
Impact score
6
Exploitability score
1.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
ConnectWise ScreenConnect Path Traversal Vulnerability
Exploit added on
Apr 28, 2026
Exploit action due
May 12, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

9119a7d8-5eab-497f-8521-727c672e3725
CWE-22
nvd@nist.gov
CWE-22

Social media

Hype score
Not currently trending

  1. 🚨 THREAT INTEL | May 12, 2026 🔴 CVEs DUE TODAY: CVE-2024-1708 (ConnectWise RCE), CVE-2026-32202 (Windows) 🔥 OVERDUE: PAN-OS RCE, Cisco FMC Ransomware RCE 🐛 LIVE: Mirai/Mozi botnets + Manji malware 🔐 NEW C&C: Vidar, AsyncRAT, PureHVNC #ThreatIntel #CyberSecurity

    @404LABSx

    12 May 2026

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. A path traversal vulnerability (CVE-2024-1708) affects ConnectWise ScreenConnect. Apply vendor mitigations soon or consider discontinuing use if unavailable. Stay proactive to protect your IT environment. #Cybersecurity

    @ADKCyber

    7 May 2026

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. A known path traversal vulnerability in ConnectWise ScreenConnect (CVE-2024-1708) requires timely action. Businesses using this tool should apply vendor mitigations or consider alternatives before the May 2026 deadline to maintain security hygiene. #Cybersecurity

    @ADKCyber

    7 May 2026

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISA KEV 警告 26/04/28:ScreenConnect の脆弱性 CVE-2024-1708 を登録 https://t.co/hPHyglFj3E 脆弱性 CVE-2024-1708

    @iototsecnews

    7 May 2026

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. The ConnectWise ScreenConnect vulnerability (CVE-2024-1708) requires action by May 2026. Review vendor guidance, apply necessary mitigations, or consider alternatives if unavailable. Stay proactive to protect your IT environment. #Cybersecurity

    @ADKCyber

    6 May 2026

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. The ConnectWise ScreenConnect Path Traversal vulnerability (CVE-2024-1708) highlights the importance of promptly applying vendor-recommended mitigations or considering alternative solutions to maintain your cybersecurity hygiene. #Cybersecurity

    @ADKCyber

    6 May 2026

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-1708 affects ConnectWise ScreenConnect with a path traversal vulnerability. Small and mid-sized businesses should follow vendor mitigation steps or consider alternatives before the 2026-05-12 deadline to maintain strong security posture. #Cybersecurity

    @ADKCyber

    5 May 2026

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. If you use ConnectWise ScreenConnect, review vendor guidance about CVE-2024-1708, a path traversal vulnerability. Apply recommended mitigations or consider alternatives before the May 2026 deadline. Staying informed helps reduce potential risk. #Cybersecurity

    @ADKCyber

    4 May 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 THREAT INTEL | May 4, 2026 🔴 cPanel auth bypass (CVE-2026-41940) ACTIVELY EXPLOITED 🔴 ScreenConnect RCE (CVE-2024-1708) — 30+ live C2s 🔴 Cisco SD-WAN Emergency Directive 500+ live malware URLs | Mirai, Vidar, LummaStealer active #ThreatIntel #Cybersecurity #SOC ht

    @404LABSx

    4 May 2026

    145 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2024-1708: ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.

    @lyrie_ai

    2 May 2026

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. CISA adds CVE-2024-1708 to KEV: A high-severity (8.4) path traversal flaw in ConnectWise ScreenConnect, actively exploited. Stay updated and secure your systems. https://t.co/7vZP29qAXx

    @technoholic_me

    2 May 2026

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Cyber watch: 🔴 Gemini CLI host RCE: patch CLI/action, audit tokens. 🔴 ScreenConnect CVE-2024-1708 in KEV: patch exposed remote-access servers. 🟡 Mini Shai-Hulud hits npm/PyPI/PHP: rotate dev secrets. https://t.co/pBWq66uIkZ

    @solomonneas

    1 May 2026

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 THREAT INTEL | May 1, 2026 PATCH: CVE-2026-41940 cPanel (due May 3) + CVE-2024-1708 ConnectWise RCE ACTIVE: QakBot C2, Vidar, LummaStealer, 500+ malicious URLs NEW: Needle Stealer + PhantomRPC Windows LPE #CyberSecurity #Infosec https://t.co/kJ4xBBgQTp

    @404LABSx

    1 May 2026

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 📌 أضافت CISA ثغرتين يتم استغلالهما بشكل فعال في ConnectWise و Windows إلى قائمة KEV أضافت وكالة الأمن السيبراني وأمن البنية التحتية الأمريكية (CISA) ثغرتين جديدتين إلى

    @MisbarSec

    30 Apr 2026

    279 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 CISA KEV Alert: Active Exploits CISA added CVE-2024-1708 (ConnectWise ScreenConnect) + Windows flaw to KEV after active exploitation confirmed. Patch urgently—these are being used in real attacks. https://t.co/Lzg8pulVU3 #CyberSecurity #CISA #KEV #Windows https://t.co/

    @techpio_team

    30 Apr 2026

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Cybersecurity and Infrastructure Security Agency warns of active exploitation of a critical flaw in ConnectWise ScreenConnect (CVE-2024-1708). 𝐑𝐞𝐚𝐝 𝐟𝐮𝐥𝐥 𝐬𝐭𝐨𝐫𝐲 : https://t.co/0CmKE361rW https://t.co/sDqCTMBtn1

    @CyberTech_In

    30 Apr 2026

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 CISA confirms active exploitation of CVE-2024-1708 in ConnectWise ScreenConnect. Path traversal → remote code execution → full network takeover. Ransomware groups are already on this. Patch by May 12 or isolate NOW. This isn't just a US problem. #CyberSecurity #InfoSe

    @KaliSushanth

    30 Apr 2026

    44 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CISAが既知の悪用された脆弱性2件をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Apr 28) CVE-2024-1708 ConnectWise ScreenConnect パストラバーサル脆弱性 CVE-2026-32202 Microsoft Windows保護メカニズムの不

    @foxbook

    30 Apr 2026

    198 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. TRC analysis shows attackers exploiting CVE-2024-1708 in ConnectWise ScreenConnect to upload malicious extensions for remote code execution. Post-compromise activity includes privilege escalation and lateral movement across connected systems. Runtime segmentation helps limit

    @aviatrixtrc

    29 Apr 2026

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CISAが既知の悪用された脆弱性2件をカタログに追加 https://t.co/T31X6yamhs CVE-2024-1708  ConnectWise ScreenConnect パストラバーサル脆弱性 CVE-2026-32202  Microsoft Windows保護メカニズムの不具合の脆弱性

    @cybersecnews_jp

    29 Apr 2026

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨CISA just added actively exploited ConnectWise & Windows flaws to its KEV catalog. CVE-2024-1708 scores 8.4 CVSS. But here's what the AI security world should take from this: your LLM infrastructure has the same exposure surface as any other networked system.

    @AISGateway

    29 Apr 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. NEW THREAT INTEL: ScreenConnect CVE-2024-1708 added to CISA KEV - Storm-1175/Medusa exploiting path traversal for ransomware. 9 detections, 19 IOCs. https://t.co/3kgjdNTm2T #ThreatIntel #CyberSecurity #Ransomware #CISA #ScreenConnect https://t.co/X9gqmYZUoA

    @threadlinqs

    29 Apr 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. The ConnectWise ScreenConnect path traversal vulnerability (CVE-2024-1708) has known exploits. Review vendor updates and consider applying mitigations or alternatives by May 2026 to manage risks effectively. #CyberSecurity

    @ADKCyber

    29 Apr 2026

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。(4/28追加) 🛡️No.1585 CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability ==================================== ✅概要 ・深刻度:重要 8.4 (CVSS Base) / Cyb

    @piyokango

    29 Apr 2026

    4129 Impressions

    0 Retweets

    8 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  25. TRC analysis shows attackers exploiting CVE-2024-1708 in ConnectWise ScreenConnect to achieve remote code execution, then pivoting laterally across networks. Runtime segmentation helps contain such post-compromise movement by limiting blast radius between network segments.

    @aviatrixtrc

    29 Apr 2026

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CISA added two actively exploited flaws impacting ConnectWise ScreenConnect (CVE-2024-1708) and Microsoft Windows to its KEV catalog. Patch immediately—these vulnerabilities frequently fuel ransomware campaign... https://t.co/NzKgP9cPYE

    @yasirrazahaidry

    29 Apr 2026

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 📌 أضافت CISA ثغرتين إلى كتالوج KEV بسبب استغلالهما بشكل فعال 🛡️ الفئة: ثغرة 📝 الملخص: أضافت CISA ثغرتين إلى كتالوج الثغرات المعروفة المستغلة (KEV) وهما CVE-2024-17

    @GMashari

    29 Apr 2026

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 📌 أضافت CISA ثغرتين إلى كتالوج KEV أضافت CISA ثغرتين إلى كتالوج الثغرات المعروفة المستغلة (KEV) وهما CVE-2024-1708 و CVE-2024-1709، بسبب وجود أدلة على استغلالهم بشكل فعال. ا

    @MisbarSec

    29 Apr 2026

    251 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. BREAKING: CISA adds actively exploited ScreenConnect flaws CVE-2024-1708 and CVE-2024-1709 to KEV catalog, confirming ongoing attacks via SlashAndGrab exploit chain. https://t.co/CZ2FUn0lnU

    @threatcluster

    29 Apr 2026

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 CISA KEV ALERT: SCREENCONNECT 🚨 CISA just flagged an actively exploited, high-severity vulnerability in ConnectWise ScreenConnect. Priority Action Items: Vulnerability: CVE-2024-1708 (CVSS Score: 8.4) Flaw: Path Traversal Impact: This vulnerability allows an

    @CyhawkAfrica

    29 Apr 2026

    111 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  31. ConnectWise ScreenConnect path traversal vulnerability CVE-2024-1708 & Microsoft Windows protection mechanism failure vulnerability CVE-2026-32202 added to KEV

    @password_ng

    29 Apr 2026

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに、ConnectWise ScreenConnectのCVE-2024-1708とWindows ShellのCVE-2026-32202が追加。対処期限は通常の5/12。ランサムウェアによる悪用

    @__kokumoto

    29 Apr 2026

    966 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  33. CISA just added ConnectWise ScreenConnect (CVE-2024-1708) to KEV — confirmed active exploitation. The real risk isn't just the vuln. It's what ScreenConnect is: a trusted remote access tool with privileged reach across every downstream environment it manages. One compromised ht

    @ByteVanguardSec

    29 Apr 2026

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. CISA added CVE-2024-1708 to KEV. Path traversal → RCE in ConnectWise ScreenConnect. Companion to the 2024 auth bypass ransomware crews used to mass-compromise MSPs. Self-hosted SC: patch by May 12. https://t.co/z6H0JHmtQp

    @TechTranslators

    28 Apr 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🛡️ We added ConnectWise ScreenConnect path traversal vulnerability CVE-2024-1708 & Microsoft Windows protection mechanism failure vulnerability CVE-2026-32202 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecuri

    @CISACyber

    28 Apr 2026

    5488 Impressions

    15 Retweets

    40 Likes

    9 Bookmarks

    5 Replies

    0 Quotes

Configurations

Related CVEs

  1. Nx Console Embedded Malicious Code VulnerabilityCVE-2026-48027
  2. Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) could therefore be bypassed. Users should upgrade to a version greater than or equal to version 1.0.1, which validates the `Host` header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing `request.url` and falls back to `scope["server"]` for malformed values.CVE-2026-48710
  3. Trend Micro Apex One (On-Premise) Directory Traversal VulnerabilityCVE-2026-34926
  4. LiteSpeed cPanel Plugin Privilege Escalation VulnerabilityCVE-2026-48172
  5. Drupal Core SQL Injection VulnerabilityCVE-2026-9082

References

Sources include official advisories and independent security research.