CVE-2024-1709

Published Feb 21, 2024

Last updated 4 months ago

Exploit known
CVSS critical 10.0
VDI
Network
Zero-day
HTTP

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-1709 is a critical authentication bypass vulnerability affecting ConnectWise ScreenConnect versions up to 23.9.7. Classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel), the flaw allows unauthorized attackers to circumvent authentication mechanisms. It stems from a weakness in how ScreenConnect's .NET framework processes URL paths: attackers can manipulate these paths to bypass the normal authentication checks. This can grant unauthenticated attackers direct access to sensitive functionality or data, including the administrative setup wizard, which would normally require proper authentication. CVE-2024-1709 has been actively exploited in the wild and is listed in CISA's Known Exploited Vulnerabilities Catalog. It is frequently chained with CVE-2024-1708 to achieve remote code execution.

Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Source
9119a7d8-5eab-497f-8521-727c672e3725
NVD status
Analyzed
Products
screenconnect

Risk scores

CVSS 3.1

Type
Primary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
ConnectWise ScreenConnect Authentication Bypass Vulnerability
Exploit added on
Feb 22, 2024
Exploit action due
Feb 29, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

9119a7d8-5eab-497f-8521-727c672e3725
CWE-288
nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending
  1. The window closed BLUF: The time between vulnerability disclosure and active exploitation is now measured in days, not sprints. Traditional patch cycles were not built for this. 1. Two days is not a cycle The disclosure-to-KEV gap on CVE-2024-1709 (ConnectWise ScreenConnect,

    @GoCocoaAI

    1 Jun 2026

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. CVE-2024-1709: ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

    @lyrie_ai

    3 May 2026

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. 📌 CISA added two actively exploited vulnerabilities in ConnectWise and Windows to the KEV list. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to

    @MisbarSec

    30 Apr 2026

    279 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 📌 CISA added two vulnerabilities to the KEV catalog due to their active exploitation 🛡️ Category: Vulnerability 📝 Summary: CISA added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, namely CVE-2024-17

    @GMashari

    29 Apr 2026

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 📌 CISA added two vulnerabilities to the KEV catalog. CISA added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, CVE-2024-1708 and CVE-2024-1709, due to evidence of their active exploitation.

    @MisbarSec

    29 Apr 2026

    251 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. BREAKING: CISA adds actively exploited ScreenConnect flaws CVE-2024-1708 and CVE-2024-1709 to KEV catalog, confirming ongoing attacks via SlashAndGrab exploit chain. https://t.co/CZ2FUn0lnU

    @threatcluster

    29 Apr 2026

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-1709: CVE-2024-1709: ConnectWise ScreenConnect Supply Chain Breach Vector... (10.0 → 23.9.7)

    @lyrie_ai

    29 Apr 2026

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. 🔴 ConnectWise ScreenConnect, Path Traversal leading to RCE, #CVE-2024-1709 (High) https://t.co/v3XStawG6M

    @dailycve

    29 Apr 2026

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. I cannot post the full snort rules but u might want to add them, . [CVE-2024-1709] ConnectWise ScreenConnect Authentication Bypass  . [CVE-2024-21887] Ivanti Connect Secure Command Injection  . [CVE-2024-3400] Palo Alto PAN-OS GlobalProtect Command Injection

    @SteveAJ777

    25 Apr 2026

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🎯 DIB Threat Briefing — March 20, 2026 1560 CVEs tracked • 25 threat actors • 14 sectors **Top DIB Targets:** • APT28 (Russia) — Defense Industrial Base + Aerospace (CVE-2024-23897, CVE-2024-1709) • APT29 (Russia) — Energy + Govt overlap (CVE-2024-3400, CVE-202

    @DeusLogica

    20 Mar 2026

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🎯 Threat Intel: Critical vulnerabilities in widely-used DIB tools: 🔴 Fortinet FortiOS (CVE-2024-21762) • CVSS 10.0 - Out-of-bounds write • Exploited by: Qilin, Dragon Force • CISA KEV listed 🔴 ConnectWise ScreenConnect (CVE-2024-1709) • CVSS 10.0 - Auth bypas

    @DeusLogica

    20 Mar 2026

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. #threatreport #LowCompleteness ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware | 28-06-2025 Source: https://t.co/D7Mxw8T63P Key details below ↓ 💀Threats: Screenconnect_tool, 🔓CVEs: CVE-2024-1709 \[[Vulners](https://t.co/JNxR1OMVVw)] - CVSS

    @rst_cloud

    29 Jun 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    3 Jun 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    2 Jun 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    1 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    1 Jun 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    31 May 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    30 May 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. 🚨 ScreenConnect Under Fire!🚨 A critical vulnerability (CVE-2024-1709 - CVE Score 8.1) in ConnectWise ScreenConnect is being actively exploited by threat actors to inject malicious code. Under Attack? https://t.co/U68QIWPgxE #ScreenConnect #Vulnerability #SecurityJoes http

    @SecurityJoes

    26 Apr 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    17 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    17 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    17 Mar 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    16 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    15 Mar 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    15 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. FBI & CISA Warn: Medusa Ransomware on the Rise🚨 Medusa exploits phishing, CVE-2024-1709, PowerShell abuse, obfuscated scripts, and reverse tunneling Mitigate by updating systems, segmenting networks, enforcing MFA, and backing up data. Advisory: https://t.co/7pvERODUgS h

    @vdsusa

    14 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Actively exploited CVE : CVE-2024-1709

    @transilienceai

    14 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. Medusa Ransomware Hits 300+ U.S. Critical Infrastructure Orgs 🚨 Active since 2021, the gang exploits CVE-2024-1709 & CVE-2023-48788, using phishing & LOTL tactics for double & triple extortion. FBI & CISA warn—fortify defenses now! https://t.co/6w8vLZ1Kpo #

    @dCypherIO

    13 Mar 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2024-1709 and CVE-2023-48788 are being actively exploited in Russia’s BadPilot campaign, targeting vulnerable systems. More details: https://t.co/OAGZNVVgFK #CyberSecurity #ThreatIntel

    @adriananglin

    17 Feb 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. #threatreport #LowCompleteness Threat Actors Still Leveraging Legit RMM Tool ScreenConnect for Persistence in Cyberattacks | 06-02-2025 Source: https://t.co/e4rV2aJMXX Key details below ↓ 💀Threats: Screenconnect_tool, 🔓CVEs: CVE-2024-1709… https://t.co/9I98CwogLd https://t.co

    @rst_cloud

    6 Feb 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.