ConnectWise has introduced software updates to tackle two security flaws in its ScreenConnect remote desktop and access computer software, which include a critical bug that could help distant code execution on affected units.
The vulnerabilities, which presently deficiency CVE identifiers, are stated underneath –
- Authentication bypass applying an alternate path or channel (CVSS score: 10.)
- Improper limitation of a pathname to a restricted directory aka “route traversal” (CVSS rating: 8.4)
The enterprise considered the severity of the issues as critical, citing they “could allow the ability to execute remote code or straight influence confidential info or critical systems.”
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Both the vulnerabilities affect ScreenConnect variations 23.9.7 and prior, with fixes out there in edition 23.9.8. The flaws have been noted to the firm on February 13, 2024.
While there is no evidence that the shortcomings have been exploited in the wild, customers who are jogging self-hosted or on-premise versions are recommended to update to the most recent edition as quickly as attainable.
“ConnectWise will also deliver up-to-date versions of releases 22.4 as a result of 23.9.7 for the critical issue, but strongly propose that associates update to ScreenConnect edition 23.9.8,” ConnectWise explained.
Located this write-up intriguing? Stick to us on Twitter and LinkedIn to read a lot more distinctive written content we put up.
Some elements of this report are sourced from:
thehackernews.com