Two critical flaws in ConnectWise ScreenConnect — including an authentication bypass — are under active exploitation by ransomware crews.
ConnectWise has disclosed two critical vulnerabilities in ScreenConnect (now ConnectWise Control): CVE-2024-1709, an authentication bypass with a CVSS score of 10.0, and CVE-2024-1708, a path traversal flaw. Both are under active exploitation, with multiple ransomware operators observed using them for initial access into MSP-managed estates.
Why MSPs Are a High-Value Target
A single compromised ScreenConnect instance can give attackers remote control over hundreds or thousands of downstream customer endpoints. We have responded to incidents where the attacker pushed ransomware payloads through the MSP's tooling to dozens of customers within an hour of the initial compromise.
Immediate Actions
- Upgrade ScreenConnect to 23.9.8 or later immediately.
- Hunt for unexpected administrative accounts created on the ScreenConnect server.
- Audit recent script executions and remote sessions across managed endpoints.
- Restrict ScreenConnect server access to trusted IPs where possible.
- Notify downstream customers and check for malicious activity in their estates.
If you operate or rely on an MSP that uses ScreenConnect, treat this as a sustained incident response event, not a routine patch cycle.
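The first two items under Immediate Actions can be triaged across a fleet with a short script. The following is an added example, not code from ConnectWise or from the original article; the inventory format, host names, account names, approved-admin baseline and review-window date are all constructed assumptions.

```python
from datetime import datetime, timezone

FIXED = (23, 9, 8)  # first fixed release named in the advisory

# Constructed sample data: hypothetical hosts, accounts and export format.
INVENTORY = [
    {"host": "sc-01.example.net", "version": "23.9.7",
     "admins": [{"name": "msp-admin", "created": "2022-05-01T09:00:00+00:00"}]},
    {"host": "sc-02.example.net", "version": "23.9.8",
     "admins": [{"name": "msp-admin", "created": "2022-05-01T09:00:00+00:00"},
                {"name": "svc_backup2", "created": "2024-02-21T03:12:00+00:00"}]},
    {"host": "sc-03.example.net", "version": "n/a", "admins": []},
]
APPROVED = {"msp-admin"}  # assumed baseline of sanctioned admin names
WINDOW_START = datetime(2024, 2, 19, tzinfo=timezone.utc)  # assumed review window

def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(instance, approved=APPROVED, window_start=WINDOW_START):
    """Return the findings for one server record, in checklist order."""
    findings = []
    version = parse_version(instance.get("version", ""))
    if version is None:
        findings.append("version unknown: treat as vulnerable")
    elif version[:3] < FIXED:
        findings.append("vulnerable build %s: upgrade to 23.9.8 or later" % instance["version"])
    for admin in instance.get("admins", []):
        if admin["name"].lower() not in approved:
            findings.append("unapproved admin account: " + admin["name"])
        elif datetime.fromisoformat(admin["created"]) >= window_start:
            # A sanctioned name with a fresh creation time still needs review.
            findings.append("approved admin created inside window: " + admin["name"])
    return findings

def report(inventory=INVENTORY):
    """Map each host to its findings; an empty list means nothing flagged."""
    return {rec["host"]: triage(rec) for rec in inventory}

if __name__ == "__main__":
    for host, findings in report().items():
        print(host, "->", findings or "no findings")
```

A server that reports no findings here has only passed the version and account checks; the session audit, access restriction and customer notification items still apply.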



