ConnectWise has introduced software updates to tackle two security flaws in its ScreenConnect remote desktop and access computer software, which include a critical bug that could help distant code execution on affected units.
The vulnerabilities, which presently deficiency CVE identifiers, are stated underneath –
- Authentication bypass applying an alternate path or channel (CVSS score: 10.)
- Improper limitation of a pathname to a restricted directory aka “route traversal” (CVSS rating: 8.4)
The enterprise considered the severity of the issues as critical, citing they “could allow the ability to execute remote code or straight influence confidential info or critical systems.”
![AOMEI Backupper Lifetime](https://thecybersecurity.news/data/2021/12/AOMEI-Backupper-Professional.png)
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
Both the vulnerabilities affect ScreenConnect variations 23.9.7 and prior, with fixes out there in edition 23.9.8. The flaws have been noted to the firm on February 13, 2024.
While there is no evidence that the shortcomings have been exploited in the wild, customers who are jogging self-hosted or on-premise versions are recommended to update to the most recent edition as quickly as attainable.
“ConnectWise will also deliver up-to-date versions of releases 22.4 as a result of 23.9.7 for the critical issue, but strongly propose that associates update to ScreenConnect edition 23.9.8,” ConnectWise explained.
Located this write-up intriguing? Stick to us on Twitter and LinkedIn to read a lot more distinctive written content we put up.
Some elements of this report are sourced from:
thehackernews.com