How serious is CVE-2024-1709?

This vulnerability has a CVSS score of 10 out of 10, classified as CRITICAL severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2024-1709?

Yes, proof-of-concept exploit code for CVE-2024-1709 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2024-1709?

CVE-2024-1709 affects connectwise screenconnect. Check the full CVE details for specific version information.

How do I fix CVE-2024-1709?

To remediate CVE-2024-1709, check for security patches from connectwise. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2024-1709

Critical

|10.0

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to bypass authentication and gain direct access to sensitive information or critical systems in ConnectWise ScreenConnect. It affects versions 23.9.7 and earlier, meaning that if you're using these versions, your system could be at risk.

Technical Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$15,000($5K-$15K)

Vendor Response

Grade FPatched in 735 days

Quick Information

Published

Feb 21, 2024

about 2 years ago

Last Modified

Feb 26, 2026

about 1 month ago

Vendor

connectwise

Product

screenconnect