ConnectWise remote access tool hacked — security pros are saying it is bad, so patch now
ConnectWise vulnerabilities allow for remote code execution
Top remote access platform ConnectWise has confirmed finding, and patching, two critical security vulnerabilities in its ScreenConnect product.
"Vulnerabilities were reported February 13, 2024, through our vulnerability disclosure channel via the ConnectWise Trust Center," ConnectWise warned in a security advisory.
"There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premise partners to address these identified security risks."
No data theft (yet)
Given the severity of the discovered vulnerabilities, ConnectWise has urged its customers to apply the patch without delay. At the same time, security researchers are up in arms, with some even describing the findings as an utter disaster, both for ConnectWise, and its customers.
The CVEs for the two flaws are yet to be assigned, but we do know that they’re impacting all servers running ScreenConnect 23.9.7 and older. They allow threat actors to mount remote code execution (RCE) attacks or grab confidential data from vulnerable endpoints. The attacks leveraging the flaws are low in complexity and don’t require user interaction.
In a subsequent update, the company said it “received updates of compromised accounts that our incident response team have been able to investigate and confirm."
A company spokesperson told TechCrunch it could not say how many customers were affected, but did stress that the majority of its clients (80%) use cloud-based environments which were patched within two days.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
So far, the company’s seen no evidence of data exfiltration, either.
The news is the latest security worry for ConnectWise, which also found multiple vulnerabilities in its remote access solutions for small and medium-sized businesses (SMB) earlier this year.
More from TechRadar Pro
- New malicious PyPl can slither onto your device using sneaky tactics
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.