www.connectwise.com
Open in
urlscan Pro
2606:4700:4400::6812:2188
Public Scan
URL:
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Submission: On February 23 via manual from US — Scanned from DE
Submission: On February 23 via manual from US — Scanned from DE
Form analysis 4 forms found in the DOM
/search
<form class="site-header__search-form" action="/search" style="" __bizdiag="113" __biza="WJ__">
<input type="search" name="q" placeholder="Search" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" class="site-header__search-input" style="">
<button class="site-header__search-submit" type="submit">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 253.78 254.46">
<path style="fill: #333;" class="cls-1"
d="M252.25,224.44l-66.83-66.83a5.26,5.26,0,0,0-7.43,0l-.37.37-18.11-18.12a88.16,88.16,0,1,0-20.67,20.39L157.1,178.5l-.16.16a5.26,5.26,0,0,0,0,7.43l66.83,66.83a5.24,5.24,0,0,0,7.42,0l21.06-21A5.26,5.26,0,0,0,252.25,224.44ZM24,88.16a64.16,64.16,0,1,1,64.16,64.15A64.23,64.23,0,0,1,24,88.16Z">
</path>
</svg>
</button>
</form>/search
<form class="site-header__search-form site-header__search-form--desktop" action="/search" data-search-url="/search" style="" __bizdiag="113" __biza="WJ__">
<a href="#" id="activateSearch" title="Search">
<img src="/globalassets/media/icons/site/grym/search.png" alt="">
</a>
<div class="site-header__search-input-wrapper">
<input type="search" name="q" placeholder="Search" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" class="site-header__search-input site-header__search-input--desktop" style="" aria-expanded="false">
</div>
<button class="site-header__search-submit" type="submit" title="Search">
<img src="/globalassets/media/icons/site/grym/search.png" alt="">
</button>
</form><form class="mktoForm mktoHasWidth mktoLayoutLeft" data-form-id="1301" data-poi="" data-page-source="" data-campaign-code="" data-gclid="" data-zoom-info="" __bizdiag="-1839851753" __biza="WJ__" id="mktoForm_1301" novalidate="novalidate"
style="font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); width: 1601px;">
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 10px;">
<div class="mktoFieldWrap mktoRequiredField"><input id="Email" name="Email" maxlength="255" aria-labelledby="LblEmail InstructEmail" type="email" class="mktoField mktoEmailField mktoHasWidth mktoRequired" aria-required="true"
style="width: 150px;" placeholder="Business Email Address"></div>
</div>
</div>
<div class="mktoFormRow mktoFormRowHidden">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 10px;">
<div class="mktoFieldWrap mktoRequiredField"><select id="Country" name="Country" aria-labelledby="LblCountry InstructCountry" class="mktoField mktoHasWidth mktoRequired" aria-required="true" style="width: 150px;">
<option value="">Country</option>
<option value="AF">Afghanistan</option>
<option value="AL">Albania</option>
<option value="DZ">Algeria</option>
<option value="AX">Aland Islands</option>
<option value="AS">American Samoa</option>
<option value="AI">Anguilla</option>
<option value="AD">Andorra</option>
<option value="AO">Angola</option>
<option value="AN">Antilles - Netherlands</option>
<option value="AG">Antigua and Barbuda</option>
<option value="AQ">Antarctica</option>
<option value="AR">Argentina</option>
<option value="AM">Armenia</option>
<option value="AU">Australia</option>
<option value="AT">Austria</option>
<option value="AW">Aruba</option>
<option value="AZ">Azerbaijan</option>
<option value="BA">Bosnia and Herzegovina</option>
<option value="BB">Barbados</option>
<option value="BD">Bangladesh</option>
<option value="BE">Belgium</option>
<option value="BF">Burkina Faso</option>
<option value="BG">Bulgaria</option>
<option value="BH">Bahrain</option>
<option value="BI">Burundi</option>
<option value="BJ">Benin</option>
<option value="BM">Bermuda</option>
<option value="BN">Brunei Darussalam</option>
<option value="BO">Bolivia</option>
<option value="BR">Brazil</option>
<option value="BS">Bahamas</option>
<option value="BT">Bhutan</option>
<option value="BV">Bouvet Island</option>
<option value="BW">Botswana</option>
<option value="BV">Belarus</option>
<option value="BZ">Belize</option>
<option value="KH">Cambodia</option>
<option value="CM">Cameroon</option>
<option value="CA">Canada</option>
<option value="CV">Cape Verde</option>
<option value="CF">Central African Republic</option>
<option value="TD">Chad</option>
<option value="CL">Chile</option>
<option value="CN">China</option>
<option value="CX">Christmas Island</option>
<option value="CC">Cocos Islands</option>
<option value="CO">Colombia</option>
<option value="CG">Congo</option>
<option value="CI">Ivory Coast</option>
<option value="CK">Cook Islands</option>
<option value="CR">Costa Rica</option>
<option value="HR">Croatia</option>
<option value="CY">Cyprus</option>
<option value="CZ">Czech Republic</option>
<option value="CD">Democratic Republic of the Congo</option>
<option value="DJ">Djibouti</option>
<option value="DK">Denmark</option>
<option value="DM">Dominica</option>
<option value="DO">Dominican Republic</option>
<option value="EC">Ecuador</option>
<option value="EG">Egypt</option>
<option value="SV">El Salvador</option>
<option value="TP">East Timor</option>
<option value="EE">Estonia</option>
<option value="GQ">Equatorial Guinea</option>
<option value="ER">Eritrea</option>
<option value="ET">Ethiopia</option>
<option value="FI">Finland</option>
<option value="FJ">Fiji</option>
<option value="FK">Falkland Islands</option>
<option value="FM">Federated States of Micronesia</option>
<option value="FO">Faroe Islands</option>
<option value="FR">France</option>
<option value="GF">French Guiana</option>
<option value="PF">French Polynesia</option>
<option value="GA">Gabon</option>
<option value="GM">Gambia</option>
<option value="DE">Germany</option>
<option value="GH">Ghana</option>
<option value="GI">Gibraltar</option>
<option value="GB">Great Britain</option>
<option value="GD">Grenada</option>
<option value="GE">Georgia</option>
<option value="GR">Greece</option>
<option value="GL">Greenland</option>
<option value="GN">Guinea</option>
<option value="GP">Guadeloupe</option>
<option value="GS">S. Georgia and S. Sandwich Islands</option>
<option value="GT">Guatemala</option>
<option value="GU">Guam</option>
<option value="GW">Guinea-Bissau</option>
<option value="GY">Guyana</option>
<option value="HK">Hong Kong</option>
<option value="HM">Heard Island and McDonald Islands</option>
<option value="HN">Honduras</option>
<option value="HT">Haiti</option>
<option value="HU">Hungary</option>
<option value="ID">Indonesia</option>
<option value="IE">Ireland</option>
<option value="IL">Israel</option>
<option value="IN">India</option>
<option value="IO">British Indian Ocean Territory</option>
<option value="IQ">Iraq</option>
<option value="IT">Italy</option>
<option value="JM">Jamaica</option>
<option value="JO">Jordan</option>
<option value="JP">Japan</option>
<option value="KE">Kenya</option>
<option value="KG">Kyrgyzstan</option>
<option value="KI">Kiribati</option>
<option value="KM">Comoros</option>
<option value="KN">Saint Kitts and Nevis</option>
<option value="KR">Korea South</option>
<option value="KW">Kuwait</option>
<option value="KY">Cayman Islands</option>
<option value="KZ">Kazakhstan</option>
<option value="LA">Laos</option>
<option value="LB">Lebanon</option>
<option value="LC">Saint Lucia</option>
<option value="LI">Liechtenstein</option>
<option value="LK">Sri Lanka</option>
<option value="LR">Liberia</option>
<option value="LS">Lesotho</option>
<option value="LT">Lithuania</option>
<option value="LU">Luxembourg</option>
<option value="LV">Latvia</option>
<option value="LY">Libya</option>
<option value="MK">Macedonia</option>
<option value="MO">Macao</option>
<option value="MG">Madagascar</option>
<option value="MY">Malaysia</option>
<option value="ML">Mali</option>
<option value="MW">Malawi</option>
<option value="MR">Mauritania</option>
<option value="MH">Marshall Islands</option>
<option value="MQ">Martinique</option>
<option value="MU">Mauritius</option>
<option value="YT">Mayotte</option>
<option value="MT">Malta</option>
<option value="MX">Mexico</option>
<option value="MA">Morocco</option>
<option value="MC">Monaco</option>
<option value="MD">Moldova</option>
<option value="MN">Mongolia</option>
<option value="MM">Myanmar</option>
<option value="MP">Northern Mariana Islands</option>
<option value="MS">Montserrat</option>
<option value="MV">Maldives</option>
<option value="MZ">Mozambique</option>
<option value="NA">Namibia</option>
<option value="NC">New Caledonia</option>
<option value="NE">Niger</option>
<option value="NF">Norfolk Island</option>
<option value="NG">Nigeria</option>
<option value="NI">Nicaragua</option>
<option value="NL">Netherlands</option>
<option value="NO">Norway</option>
<option value="NP">Nepal</option>
<option value="NR">Nauru</option>
<option value="NU">Niue</option>
<option value="NZ">New Zealand</option>
<option value="OM">Oman</option>
<option value="PA">Panama</option>
<option value="PE">Peru</option>
<option value="PG">Papua New Guinea</option>
<option value="PH">Philippines</option>
<option value="PK">Pakistan</option>
<option value="PL">Poland</option>
<option value="PM">Saint Pierre and Miquelon</option>
<option value="CS">Serbia and Montenegro</option>
<option value="PN">Pitcairn</option>
<option value="PR">Puerto Rico</option>
<option value="PS">Palestinian Territory</option>
<option value="PT">Portugal</option>
<option value="PW">Palau</option>
<option value="PY">Paraguay</option>
<option value="QA">Qatar</option>
<option value="RE">Reunion</option>
<option value="RO">Romania</option>
<option value="RU">Russian Federation</option>
<option value="RW">Rwanda</option>
<option value="SA">Saudi Arabia</option>
<option value="WS">Samoa</option>
<option value="SH">Saint Helena</option>
<option value="VC">Saint Vincent and the Grenadines</option>
<option value="SM">San Marino</option>
<option value="ST">Sao Tome and Principe</option>
<option value="SN">Senegal</option>
<option value="SC">Seychelles</option>
<option value="SL">Sierra Leone</option>
<option value="SG">Singapore</option>
<option value="SK">Slovakia</option>
<option value="SI">Slovenia</option>
<option value="SB">Solomon Islands</option>
<option value="SO">Somalia</option>
<option value="ZA">South Africa</option>
<option value="ES">Spain</option>
<option value="SD">Sudan</option>
<option value="SR">Suriname</option>
<option value="SJ">Svalbard and Jan Mayen</option>
<option value="SE">Sweden</option>
<option value="CH">Switzerland</option>
<option value="SZ">Swaziland</option>
<option value="TW">Taiwan</option>
<option value="TZ">Tanzania</option>
<option value="TJ">Tajikistan</option>
<option value="TH">Thailand</option>
<option value="TL">Timor-Leste</option>
<option value="TG">Togo</option>
<option value="TK">Tokelau</option>
<option value="TO">Tonga</option>
<option value="TT">Trinidad and Tobago</option>
<option value="TN">Tunisia</option>
<option value="TR">Turkey</option>
<option value="TM">Turkmenistan</option>
<option value="TC">Turks and Caicos Islands</option>
<option value="TV">Tuvalu</option>
<option value="UA">Ukraine</option>
<option value="UG">Uganda</option>
<option value="AE">United Arab Emirates</option>
<option value="UK">United Kingdom</option>
<option value="US">United States</option>
<option value="UM">United States Minor Outlying Islands</option>
<option value="UY">Uruguay</option>
<option value="UZ">Uzbekistan</option>
<option value="VU">Vanuatu</option>
<option value="VA">Vatican City State</option>
<option value="VE">Venezuela</option>
<option value="VG">Virgin Islands</option>
<option value="VI">Virgin Islands</option>
<option value="VN">Viet Nam</option>
<option value="WF">Wallis and Futuna</option>
<option value="EH">Western Sahara</option>
<option value="YE">Yemen</option>
<option value="ZM">Zambia</option>
<option value="ZW">Zimbabwe</option>
</select></div>
</div>
</div>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoSimple" style="margin-left: 120px;"><button type="submit" class="mktoButton">Submit</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
value="1301"><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="417-HWY-826">
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="Jigsaw" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="mKTOProductInterest" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="pageSource" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="campaignCodeMostRecent" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="utmcampaign" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="utmcontent" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="utmmedium" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="utmsource" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="utmterm" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="referringURL" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="CWS_GCLID__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
<div class="mktoFormRow mktoFormRowHidden"><input type="hidden" name="ga_cid__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;"></div>
</form><form class="mktoForm mktoHasWidth mktoLayoutLeft" data-form-id="1301" data-poi="" data-page-source="" data-campaign-code="" data-gclid="" data-zoom-info="" __bizdiag="-1839851753" __biza="WJ__" novalidate="novalidate"
style="font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>Text Content
___
Skip to main content
* Contact Us
* Sign In
*
SOLUTIONS
Cybersecurity Management
Everything you need to protect your clients’ most critical business assets
* MDR
Address the growing frequency, type, and severity of cyber threats against
SMB endpoints
* SIEM
Centralize threat visibility and analysis, backed by cutting-edge threat
intelligence
* Risk Assessment & Vulnerability Management
Identify unknown cyber risks and routinely scan for vulnerabilities
* Identity Management
Secure and streamline client access to devices and applications with
strong authentication and SSO
* Cloud App Security
Monitor and manage SaaS security risks for the entire Microsoft 365
environment.
* SASE
Zero trust secure access for users, locations, and devices
* Enterprise-grade SOC
Provide 24/7 threat monitoring and response backed by proprietary threat
research and intelligence and certified cyber experts
* Policy Management
Create, deploy, and manage client security policies and profiles
* Incident Response Service
On-tap cyber experts to address critical security incidents
* Cybersecurity Glossary
Guide to the most common, important terms in the industry
* What is cybersecurity?
Everything you need to know - from our experts.
See All Cybersecurity Management solutions >>
Unified Monitoring & Management
Monitor, troubleshoot and backup customer endpoints and data.
* RMM
Monitor and manage your client’s networks the way you want - hands-on,
automated or both.
* Best PSA/RMM Vendor
CPI US MSP Innovation Awards 2022
* BCDR
Keep your client’s at ease with backup and disaster recovery you can
trust.
* ScreenConnect
Remotely access and support any device, anywhere, any time.
* Access Management
Eliminate shared admin passwords and protect customers from security
threats.
* NOC Services
24/7/365 network operations center of expert technicians at your service.
* Automate
Powerful RMM for next-level IT support
All Unified Monitoring & Management solutions >>
Business Management
Efficiently run your TSP business with integrated front and back office
solutions.
* PSA
Professional services automation designed to run your as-a-service
business.
* Best PSA/RMM Vendor
CPI US MSP Innovation Awards 2022
* CPQ
Advanced quote and proposal automation to streamline your quoting.
* Dashboards & KPIs by BrightGauge
KPI dashboards and reporting for real-time business insights.
* IT Documentation by ITBoost
Centralized, intuitive IT documentation.
* Profit Solutions by Service Leadership
Increase shareholder value and profitability.
* SmileBack
Customer Service Feedback For MSPs
* Business Management Packages
Optimize your business operations through curated packages designed to
streamline, standardize, and automate your business processes.
All Business Management solutions >>
Integrated Expert Services
Solve staffing issues with managed services to support your team and clients.
* Help Desk Services
Consistent, scalable, and high-quality help-desk services with trained
technicians.
* Dedicated Technician
Technical expertise and personalized support to scale your staff.
* Project Assistance
On-demand technical expertise
* NOC Services
24/7/365 network operations center of expert technicians at your service.
* SOC Services
24/7/365 threat monitoring and response in our security operations center.
* Incident Response Service
On-tap cyber experts to address critical security incidents
All Integrated Services Solutions >>
The Asio™ Platform
Automate more, revolutionize efficiency, and grow business faster with a
platform built for TSP’s.
* ConnectWise Sidekick
Accelerate team productivity and increase customer satisfaction through
generative AI functionality.
* RPA
Save time and resources through easy to use workflows and automate
repetitive processes to make your team more efficient.
Asio™ Overview >>
Solution Marketplace >>
*
WHY CONNECTWISE
TSP SOLUTIONS
* Managed Services Provider (MSP)
* Managed Security Solutions Provider (MSSP)
* Value Added Reseller (VAR)
* Office Technology Dealer
* Internal IT
* Partner Success Stories
* What We Offer
COMMUNITY
* The IT Nation
* Events
* IT Industry Conference
* Cybersecurity Conference
* User Groups
* Peer Groups
* Online Community
SECURITY FOCUSED
* Cybersecurity Center
* Cyber Research Unit
* Trust Center
* Security Bulletins
* Partner Program
IT NATION SECURE
*
RESOURCES
LEARN + GROW
* Resource Center
* Events
* Webinars
* Podcasts
* Blog
* Modes Theory™
Identify where you are, where you want to go, and how to get there
* ConnectWise Certify
TSP training & professional development certifications
EXPLORE SOLUTIONS
* Start a Trial
* Register for a Live Demo
* Watch On-Demand Demos
* Request a Quote
Best PSA/RMM Vendor
CPI US MSP Innovation Awards 2022
*
COMPANY
ABOUT
* What Makes Us Different
* Mission & Vision
* History
* Leadership
* Board of Directors
COMPANY UPDATES
* Awards
* Press Room
* Philanthropy
* Careers
* Contact Us
Sign In
NEW! Advisories Try For Free
1. Home
2. Company
3. Trust Center
4. Security Bulletins
5. ConnectWise ScreenConnect 23.9.8 security fix
CONNECTWISE SCREENCONNECT 23.9.8 SECURITY FIX
02/19/2024
Products: ScreenConnect
Severity: Critical
Priority: 1 - High
February 22, 2024 update:
ConnectWise recommends on-premise partners immediately update to 23.9.8 or
higher to remediate reported vulnerabilities.
ConnectWise has rolled out an additional mitigation step for unpatched,
on-premise users that suspends an instance if it is not on version 23.9.8 or
later. If your instance is found to be on an outdated version, an alert will be
sent with instructions on how to perform the necessary actions to release the
server.
To upgrade your version to our latest 23.9 release, please follow this upgrade
path:
2.1 → 2.5 → 3.1 → 4.4 → 5.4 → 19.2 → 22.8 → 23.3 → 23.9
If you need any assistance or have additional questions, please go online to
ConnectWise Home and open a case with our support team or email
help@connectwise.com.
ACTIVE ADVISORY
* ScreenConnect vulnerability CWE-288
* ScreenConnect 23.9.8 security bulletin
* How to upgrade on-premise installation
* Download patch
* FAQ
HELPFUL LINKS
* Advisories RSS feed link
* Chrome RSS feed extension
* Visit our Trust Center
* See latest security bulletins
* Check status.connectwise.com
* Call 1-888-WISE911 to report a security vulnerabillity
* Email help@connectwise.com
* Login and open a ticket on ConnectWise Home
* Update/check my email preferences
February 21, 2024 update:
Cloud partner summary: Cloud partners are remediated against both
vulnerabilities reported on February 19. No further action is required from any
cloud partner (“screenconnect.com” cloud and “hostedrmm.com”).
On-Prem partner summary: On-prem partners are advised to immediately upgrade to
the latest version of ScreenConnect to remediate against reported
vulnerabilities.
Today, ScreenConnect version 23.9.10.8817 was released containing a number of
fixes to improve customer experience. It is always recommended to be on the
latest version but 23.9.8 is the minimum version that remediated the reported
vulnerabilities.
As part of this release, ConnectWise has removed license restrictions, so
partners no longer under maintenance can upgrade to the latest version of
ScreenConnect.
February 20, 2024 update:
Indicators of compromise
Indicators of compromise (IOCs) look for malicious activity or threats. These
indicators can be incorporated into your cybersecurity monitoring platform. They
can help you stop a cyberattack that's in progress. Plus, you can use IOCs to
find ways to detect and stop ransomware, malware, and other cyberthreats before
they cause data breaches.
We've received notifications of suspicious activity that our incident response
team has investigated. The following IP addresses were used by threat actors. We
are making them available for protection and defense.
IOCs:
* 155.133.5.15
* 155.133.5.14
* 118.69.65.60
We will continue to update with any further information as it becomes
available.
Original Bulletin:
Summary
Vulnerabilities were reported February 13, 2024, through our vulnerability
disclosure channel via the ConnectWise Trust Center. There is no evidence that
these vulnerabilities have been exploited in the wild, but immediate action must
be taken by on-premise partners to address these identified security risks.
Vulnerability
* CWE-288 Authentication bypass using an alternate path or channel
* CWE-22 Improper limitation of a pathname to a restricted directory (“path
traversal”)
CWE ID
Description
Base Score
Vector
CWE-288
Authentication bypass using an alternate path or channel
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-22
Improper limitation of a pathname to a restricted directory (“path traversal”)
8.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Severity
Critical—Vulnerabilities that could allow the ability to execute remote code or
directly impact confidential data or critical systems.
Priority
1 High—Vulnerabilities that are either being targeted or have higher risk of
being targeted by exploits in the wild. Recommend installing updates as
emergency changes or as soon as possible (e.g., within days)
Affected versions
ScreenConnect 23.9.7 and prior
Remediation
Cloud
There are no actions needed by the partner, ScreenConnect servers hosted in
“screenconnect.com” cloud or “hostedrmm.com” have been updated to remediate the
issue.
On-premise
Partners that are self-hosted or on-premise need to update their servers to
version 23.9.8 immediately to apply a patch.
ConnectWise will also provide updated versions of releases 22.4 through 23.9.7
for the critical issue, but strongly recommend that partners update to
ScreenConnect version 23.9.8.
For instructions on updating to the newest release, please reference this doc:
Upgrade an on-premise installation - ConnectWise
Link to patch: Download | ConnectWise ScreenConnect™
faq
FAQS
Frequently asked questions
What happened?
A critical vulnerability, CVE-2024-1709, was reported by a security researcher
that allows anonymous attackers to exploit an authentication bypass flaw to
create admin accounts on publicly exposed instances. Essentially, a bad actor
could mimic the role as system admin, delete all other users and take over the
instance.
What is the current status of the vulnerability?
Cloud partners: Within 36 hours of confirming the CVE-2024-1709 vulnerability,
we applied a manual mitigation for all cloud partners (ConnectWise
ScreenConnect™, RMM and Automate/hosted RMM). Completing this action meant that
all cloud partners were protected without requiring any actions from the
partner. We then completed an upgrade for all ScreenConnect and Automate/hosted
RMM cloud partners to our latest 23.9 version, which applies further hardening
and reverts to our usual release process format.
On-premise partners: A patch is available to partners who are self-hosted or
on-premise need to update their servers to version 23.9.8 immediately to apply a
patch.
Link to patch: Download | ConnectWise ScreenConnect
For instruction on updating to the newest release, please reference this doc:
Upgrade an on-premise installation - ConnectWise
Who is at risk?
Anyone on a self-hosted instance running ScreenConnect 23.9.7 and prior.
Partners no longer under maintenance are eligible to install version 22.4 at no
additional cost, which will fix CVE-2024-1709, the critical vulnerability.
However, this should be treated as an interim step. ConnectWise recommends
updating to the latest release to get all the current security patches and
therefore all partners should upgrade to 23.9.8 or higher using the upgrade path
outlined above.
How can partners protect themselves?
There are many things that a partner can do to protect themselves. In this
situation, the most important thing you can do is patch your instances
immediately!
What can partners do if they suspect they have compromised?
If you suspect you have been compromised related to the recent ConnectWise
ScreenConnect™™ vulnerability (CVE-2024-1709), please follow the mitigation
steps below.
1. Upgrade ScreenConnect to the current 23.9.8 version immediately
* Please note, there is an upgrade path that must be followed
2.1 → 2.5 → 3.1 → 4.4 → 5.4 →19.2→22.8→23.3→ 23.9
* Click here to upgrade your on-premise installation
2. If you receive a license error when upgrading, it may be due to a technical
problem on the server, or the license key itself may need to be renewed.
* If the upgrade cannot be completed, please delete the SetupWizard.aspx file
out of the installation folder: C:\Program Files
(x86)\ScreenConnect\SetupWizard.aspx
3. Identify the issue
* When compromised, the User.xml file on the ScreenConnect™ instance is reset
and replaced with a new file that contains only information about one new
user
C:\Program Files (x86)\ScreenConnect™\App_Data\User.xml
* This file can be restored from a backup to get the original users back (if
applicable)
* If you don’t have a user backup, the user file can be reset again by
following the process outlined here.
4. Once you are able to log in, check for malicious commands/tools or
connections.
* Install the Report Manager extension on the Admin > Extensions page > Browse
Extension Marketplace button
* Launch Report Manager from the Admin page > Extras menu (4x boxes lower left
corner) > Report Manager
* There are pre-built reports that will export data as a CSV. All reports show
the last 30 days of data by default (this is dependent on the database
maintenance plans)
* Host Session Connections—shows all connections made to devices
* Queued Commands Example—shows all remote commands run against devices
* Queued Toolbox Items Example—shows all toolbox items that were queued up
Report a security incident
If you have questions or need to report a security or privacy incident, please
visit our ConnectWise Trust Center. You can also call our Partner InfoSec
Hotline at 1-888-WISE911 to report a non-active security incident or a security
vulnerability.
How do I report a security incident?
If you have questions or need to report a security or privacy incident, please
visit our ConnectWise Trust Center. You can also call our Partner InfoSec
Hotline at 1-888-WISE911 to report a non-active security incident or a security
vulnerability.
Where can partners go for more information and support?
If you need any assistance or have additional questions, please go online to
ConnectWise Home and open a case with our support team or email
help@connectwise.com.
We are communicating in many platforms to make sure you stay informed. However,
our FAQ page will capture the latest questions that are frequently asked as this
evolves. If you do not find what you are looking for here, please go online to
our Trust Center for our advisories and bulletin pages for more information.
Some of the partners are getting a license revoked error, even after upgrading
their server to the latest version and rebooting. What do we do next?
What we've done is revoke the licenses for servers that have checked in using an
unpatched version. You will be able to upgrade to the current/patched versions,
and if the license is eligible for the installed version, it will automatically
be restored by the license server. However, the key would still need to be valid
for the version you're using. If the key is not valid, it will stay as revoked,
and you'd need to upgrade the key.
https://docs.connectwise.com/ConnectWise_ScreenConnect™_Documentation/On-premises/On-premises_licensing/Upgrade_an_on-premises_license
Why didn’t I receive an email? Who at my company did receive an email?
We went to great lengths to contact partners and previous partners regarding
this issue. We’ve heard reports that messages went to junk or spam folders. To
avoid this in the future, please set rules that allow ConnectWise communication
to hit your primary inbox – add no-reply@connectwise.com to your safe sender
list to ensure these important communications are delivered to your inbox.
In addition, please update your primary contact details by reaching out to your
dedicated account manager. You can also ensure your email preferences are
correctly configured in our online self-service ConnectWise Profile and
Preference Center. Learn more here.
If you have confirmed that your primary contact information is accurate and you
are still not receiving emails from our system, we kindly request that you share
the primary contact email with us for further investigation.
Why was my cloud-hosted ScreenConnect showing a version older than 23.9.8 when
the security advisory said we had already been updated?
We apologize for any confusion. For cloud-hosted partners, including RMM/Command
partners, while we communicated that there was no action needed, many believed
they were still vulnerable because their ScreenConnect was showing a version
older than 23.9.8. We took action to remediate the vulnerability for all cloud
partners, but because partners did not have the new version installed, they
thought they were still vulnerable. We rolled out full version upgrades to
resolve this. Again, we apologize for any confusion and inconvenience, or
original message may have caused.
Why did my cloud-hosted ScreenConnect instance have downtime on February 21?
Some of our cloud-hosted partners (including RMM/Command partners) were
concerned they were possibly compromised due to a brief downtime on February 21.
This was due to an accelerated rollout of the formal patch version (23.9) to put
us back on a proper release schedule. The average downtime for this was around
10 minutes.
How do I know what version of ScreenConnect I am eligible for?
Check your Status/Overview page and review the Version Check. Review the Latest
Eligible Version row; this will detail the latest version of ScreenConnect that
your license permits you to upgrade to.
Partners no longer under maintenance are eligible to install version 22.4 at no
additional cost, which will fix CVE-2024-1709, the critical vulnerability.
However, this should be treated as an interim step. ConnectWise recommends
updating to the latest release to get all the current security patches and
therefore all partners should upgrade to 23.9.8 or higher using the upgrade path
outlined above.
For instructions on how to renew your license, please click here or contact our
sales team at screenconnectsales@connectwise.com.
What happens once I have patched to a remediated version?
Once you have patched your on-prem instance of ScreenConnect to the latest
version, you should review users with access to ScreenConnect™, remove any that
are not recognized, change passwords, and enable MFA.
If you are using any extensions, please validate them and remove/add them again.
Once all steps are completed restart the server.
Do these vulnerabilities directly affect ScreenConnect clients?
ScreenConnect clients are not directly impacted by this issue. This is because
the identified vulnerabilities involve an authentication bypass and path
traversal issues within the server software itself (unpatched ScreenConnect
instances version 23.9.7 and below), rather than any vulnerabilities within the
client software that is installed on end-user devices.
While updating the clients is always recommended, it is not required to mitigate
or protect against this issue.
Ready to talk?
Contact Us
Chat Now
800.671.6898
Partner Support
Solutions
* Asio™ by ConnectWise®
* Cybersecurity Management
* Unified Monitoring & Management
* Business Management
* Integrated Services
* Solution Marketplace
For Partners
* University Login
* ConnectWise Home
* Getting Help
* Documentation
* Partner Services
* Partner Communications
* Partner Referral
Resources
* Blog
* Resource Center
* Events
* Webinars
* Podcasts
* The IT Nation
* Online Community
Company
* Mission & Vision
* History
* Awards
* Press Room
* Careers
* Distributors
* Contact Us
Enter your email address to receive updates from ConnectWise.
CountryAfghanistanAlbaniaAlgeriaAland IslandsAmerican
SamoaAnguillaAndorraAngolaAntilles - NetherlandsAntigua and
BarbudaAntarcticaArgentinaArmeniaAustraliaAustriaArubaAzerbaijanBosnia and
HerzegovinaBarbadosBangladeshBelgiumBurkina
FasoBulgariaBahrainBurundiBeninBermudaBrunei
DarussalamBoliviaBrazilBahamasBhutanBouvet
IslandBotswanaBelarusBelizeCambodiaCameroonCanadaCape VerdeCentral African
RepublicChadChileChinaChristmas IslandCocos IslandsColombiaCongoIvory CoastCook
IslandsCosta RicaCroatiaCyprusCzech RepublicDemocratic Republic of the
CongoDjiboutiDenmarkDominicaDominican RepublicEcuadorEgyptEl SalvadorEast
TimorEstoniaEquatorial GuineaEritreaEthiopiaFinlandFijiFalkland IslandsFederated
States of MicronesiaFaroe IslandsFranceFrench GuianaFrench
PolynesiaGabonGambiaGermanyGhanaGibraltarGreat
BritainGrenadaGeorgiaGreeceGreenlandGuineaGuadeloupeS. Georgia and S. Sandwich
IslandsGuatemalaGuamGuinea-BissauGuyanaHong KongHeard Island and McDonald
IslandsHondurasHaitiHungaryIndonesiaIrelandIsraelIndiaBritish Indian Ocean
TerritoryIraqItalyJamaicaJordanJapanKenyaKyrgyzstanKiribatiComorosSaint Kitts
and NevisKorea SouthKuwaitCayman IslandsKazakhstanLaosLebanonSaint
LuciaLiechtensteinSri
LankaLiberiaLesothoLithuaniaLuxembourgLatviaLibyaMacedoniaMacaoMadagascarMalaysiaMaliMalawiMauritaniaMarshall
IslandsMartiniqueMauritiusMayotteMaltaMexicoMoroccoMonacoMoldovaMongoliaMyanmarNorthern
Mariana IslandsMontserratMaldivesMozambiqueNamibiaNew CaledoniaNigerNorfolk
IslandNigeriaNicaraguaNetherlandsNorwayNepalNauruNiueNew
ZealandOmanPanamaPeruPapua New GuineaPhilippinesPakistanPolandSaint Pierre and
MiquelonSerbia and MontenegroPitcairnPuerto RicoPalestinian
TerritoryPortugalPalauParaguayQatarReunionRomaniaRussian FederationRwandaSaudi
ArabiaSamoaSaint HelenaSaint Vincent and the GrenadinesSan MarinoSao Tome and
PrincipeSenegalSeychellesSierra LeoneSingaporeSlovakiaSloveniaSolomon
IslandsSomaliaSouth AfricaSpainSudanSurinameSvalbard and Jan
MayenSwedenSwitzerlandSwazilandTaiwanTanzaniaTajikistanThailandTimor-LesteTogoTokelauTongaTrinidad
and TobagoTunisiaTurkeyTurkmenistanTurks and Caicos
IslandsTuvaluUkraineUgandaUnited Arab EmiratesUnited KingdomUnited StatesUnited
States Minor Outlying IslandsUruguayUzbekistanVanuatuVatican City
StateVenezuelaVirgin IslandsVirgin IslandsViet NamWallis and FutunaWestern
SaharaYemenZambiaZimbabwe
Submit
Get Social with Us
©2024 ConnectWise, LLC. All rights reserved.
Terms Privacy Policy Trust
We use cookies to enhance site navigation, analyze site usage and assist in our
marketing efforts. You can accept, reject or customize your preferences by
clicking the cookie settings button. Our privacy policy provides more
information and explains how to amend your cookie settingsPrivacy Policy
Customize Choices Reject All Cookies Accept All Cookies
PRIVACY PREFERENCE CENTER
* YOUR PRIVACY
* STRICTLY NECESSARY COOKIES
* PERFORMANCE COOKIES
* TARGETING COOKIES
* FUNCTIONAL COOKIES
YOUR PRIVACY
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.
View Vendor Details
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
View Vendor Details
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
View Vendor Details
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.
View Vendor Details
Back Button
VENDORS LIST
Filter Button
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Clear
checkbox label label
Apply Cancel
Confirm My Choices
Reject All Allow All