www.connectwise.com
2606:4700:4400::6812:2188
Public Scan
URL:
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Submission: On February 28 via api from IN — Scanned from DE
Text Content
CONNECTWISE SCREENCONNECT 23.9.8 SECURITY FIX

02/19/2024
Products: ScreenConnect
Severity: Critical
Priority: 1 - High

February 27, 2024 update:

Cloud partner summary: Cloud partners are remediated against both vulnerabilities reported on February 19. No further action is required from any cloud partner (“screenconnect.com” cloud and “hostedrmm.com”).

On-prem partner summary: On-prem partners are advised to immediately upgrade to the latest version of ScreenConnect to remediate against reported vulnerabilities.

Active maintenance
If you are on active maintenance, we strongly recommend upgrading to the most current release of 23.9.8 or later.
Using the most current release of ScreenConnect includes security updates, bug fixes, and enhancements not found in older releases.

Off maintenance
ConnectWise has provided a patched version of 22.4.20001 available to any partner regardless of maintenance status as an interim step to mitigate the vulnerability. If you are not currently under maintenance, please upgrade your servers to version 22.4.20001 at minimum or to your latest eligible patched version that includes the remediation for CVE-2024-1709.

(Updated) Addressing license errors: If a license error arises during the upgrade, please stop the four ScreenConnect services (Session Manager, Security Manager, Web Server, Relay), move the “License.xml” file from the installation folder “C:\Program Files (x86)\ScreenConnect\App_Data\License.xml” to another location such as Desktop, and proceed with the upgrade. After the upgrade is complete, the license key will need to be re-added by stopping the four services and dropping the file back into the App_Data folder.

February 23, 2024 update:

ICYMI: ConnectWise has taken an exception step to support partners no longer under maintenance by making them eligible to install version 22.4 at no additional cost, which will fix CVE-2024-1709, the critical vulnerability. However, this should be treated as an interim step. ConnectWise recommends on-premise partners upgrade to remain within maintenance to gain access to all security and product enhancements.

February 22, 2024 update:

ConnectWise recommends on-premise partners immediately update to 23.9.8 or higher to remediate reported vulnerabilities.

ConnectWise has rolled out an additional mitigation step for unpatched, on-premise users that suspends an instance if it is not on version 23.9.8 or later. If your instance is found to be on an outdated version, an alert will be sent with instructions on how to perform the necessary actions to release the server.

To upgrade your version to our latest 23.9 release, please follow this upgrade path:

2.1 → 2.5 → 3.1 → 4.4 → 5.4 → 19.2 → 22.8 → 23.3 → 23.9

If you need any assistance or have additional questions, please go online to ConnectWise Home and open a case with our support team or email help@connectwise.com.

February 21, 2024 update*:

Cloud partner summary: Cloud partners are remediated against both vulnerabilities reported on February 19. No further action is required from any cloud partner (“screenconnect.com” cloud and “hostedrmm.com”).

On-Prem partner summary: On-prem partners are advised to immediately upgrade to the latest version of ScreenConnect to remediate against reported vulnerabilities.

Today, ScreenConnect version 23.9.10.8817 was released containing a number of fixes to improve customer experience. It is always recommended to be on the latest version but 23.9.8 is the minimum version that remediated the reported vulnerabilities. As part of this release, ConnectWise has removed license restrictions, so partners no longer under maintenance can upgrade to the latest version of ScreenConnect.

*Please see the February 27, 2024 security bulletin update that clarifies partners off maintenance can upgrade to 22.4.20001 (or a later eligible version) to receive a patch to CVE-2024-1709. To get the current 23.9.8 or later release, partners need to be on active maintenance.

February 20, 2024 update:

Indicators of compromise
Indicators of compromise (IOCs) look for malicious activity or threats.
These indicators can be incorporated into your cybersecurity monitoring platform. They can help you stop a cyberattack that's in progress. Plus, you can use IOCs to find ways to detect and stop ransomware, malware, and other cyberthreats before they cause data breaches.

We've received notifications of suspicious activity that our incident response team has investigated. The following IP addresses were used by threat actors. We are making them available for protection and defense.

IOCs:
* 155.133.5.15
* 155.133.5.14
* 118.69.65.60

We will continue to update with any further information as it becomes available.

Original Bulletin:

Summary
Vulnerabilities were reported February 13, 2024, through our vulnerability disclosure channel via the ConnectWise Trust Center. There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premise partners to address these identified security risks.

Vulnerability
* CWE-288 Authentication bypass using an alternate path or channel
* CWE-22 Improper limitation of a pathname to a restricted directory (“path traversal”)

| CWE ID | Description | Base Score | Vector |
|---|---|---|---|
| CWE-288 | Authentication bypass using an alternate path or channel | 10 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CWE-22 | Improper limitation of a pathname to a restricted directory (“path traversal”) | 8.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |

Severity
Critical—Vulnerabilities that could allow the ability to execute remote code or directly impact confidential data or critical systems.

Priority
1 High—Vulnerabilities that are either being targeted or have higher risk of being targeted by exploits in the wild.
Recommend installing updates as emergency changes or as soon as possible (e.g., within days).

Affected versions
ScreenConnect 23.9.7 and prior

Remediation

Cloud
There are no actions needed by the partner; ScreenConnect servers hosted in “screenconnect.com” cloud or “hostedrmm.com” have been updated to remediate the issue.

On-premise
Partners that are self-hosted or on-premise need to update their servers to version 23.9.8 immediately to apply a patch.

ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommends that partners update to ScreenConnect version 23.9.8.

For instructions on updating to the newest release, please reference this doc: Upgrade an on-premise installation - ConnectWise

Link to patch: Download | ConnectWise ScreenConnect™

Frequently asked questions

What happened?
A critical vulnerability, CVE-2024-1709, was reported by a security researcher that allows anonymous attackers to exploit an authentication bypass flaw to create admin accounts on publicly exposed instances. Essentially, a bad actor could mimic the role of system admin, delete all other users and take over the instance.

What is the current status of the vulnerability?
Cloud partners: Within 36 hours of confirming the CVE-2024-1709 vulnerability, we applied a manual mitigation for all cloud partners (ConnectWise ScreenConnect™, RMM and Automate/hosted RMM). Completing this action meant that all cloud partners were protected without requiring any actions from the partner. We then completed an upgrade for all ScreenConnect and Automate/hosted RMM cloud partners to our latest 23.9 version, which applies further hardening and reverts to our usual release process format.

On-premise partners: A patch is available. Partners who are self-hosted or on-premise need to update their servers to version 23.9.8 immediately to apply the patch.
Link to patch: Download | ConnectWise ScreenConnect

For instructions on updating to the newest release, please reference this doc: Upgrade an on-premise installation - ConnectWise

Who is at risk?
ConnectWise has taken an exception step to support partners no longer under maintenance by making them eligible to install version 22.4 at no additional cost, which will fix CVE-2024-1709, the critical vulnerability. However, this should be treated as an interim step. ConnectWise recommends on-premise partners upgrade to remain within maintenance to gain access to all security and product enhancements.

How can partners protect themselves?
There are many things that a partner can do to protect themselves. In this situation, the most important thing you can do is patch your instances immediately!

What can partners do if they suspect they have been compromised?
If you suspect you have been compromised related to the recent ConnectWise ScreenConnect™ vulnerability (CVE-2024-1709), please follow the mitigation steps below.

1. Upgrade ScreenConnect to the current 23.9.8 version immediately
   * Please note, there is an upgrade path that must be followed: 2.1 → 2.5 → 3.1 → 4.4 → 5.4 → 19.2 → 22.8 → 23.3 → 23.9
   * Click here to upgrade your on-premise installation
2. If you receive a license error when upgrading, it may be due to a technical problem on the server, or the license key itself may need to be renewed.
   * If the upgrade cannot be completed, please delete the SetupWizard.aspx file out of the installation folder: C:\Program Files (x86)\ScreenConnect\SetupWizard.aspx
3. Identify the issue
   * When compromised, the User.xml file on the ScreenConnect™ instance is reset and replaced with a new file that contains only information about one new user: C:\Program Files (x86)\ScreenConnect\App_Data\User.xml
   * This file can be restored from a backup to get the original users back (if applicable)
   * If you don’t have a user backup, the user file can be reset again by following the process outlined here.
4. Once you are able to log in, check for malicious commands/tools or connections.
   * Install the Report Manager extension on the Admin > Extensions page > Browse Extension Marketplace button
   * Launch Report Manager from the Admin page > Extras menu (4x boxes lower left corner) > Report Manager
   * There are pre-built reports that will export data as a CSV. All reports show the last 30 days of data by default (this is dependent on the database maintenance plans)
      * Host Session Connections—shows all connections made to devices
      * Queued Commands Example—shows all remote commands run against devices
      * Queued Toolbox Items Example—shows all toolbox items that were queued up

Report a security incident

How do I report a security incident?
If you have questions or need to report a security or privacy incident, please visit our ConnectWise Trust Center. You can also call our Partner InfoSec Hotline at 1-888-WISE911 to report a non-active security incident or a security vulnerability.

Where can partners go for more information and support?
If you need any assistance or have additional questions, please go online to ConnectWise Home and open a case with our support team or email help@connectwise.com.

We are communicating in many platforms to make sure you stay informed.
However, our FAQ page will capture the latest questions that are frequently asked as this evolves. If you do not find what you are looking for here, please go online to our Trust Center for our advisories and bulletin pages for more information.

Some of the partners are getting a license revoked error, even after upgrading their server to the latest version and rebooting. What do we do next?
What we've done is revoke the licenses for servers that have checked in using an unpatched version. You will be able to upgrade to the current/patched versions, and if the license is eligible for the installed version, it will automatically be restored by the license server. However, the key would still need to be valid for the version you're using. If the key is not valid, it will stay as revoked, and you'd need to upgrade the key.
https://docs.connectwise.com/ConnectWise_ScreenConnect™_Documentation/On-premises/On-premises_licensing/Upgrade_an_on-premises_license

Why didn’t I receive an email? Who at my company did receive an email?
We went to great lengths to contact partners and previous partners regarding this issue. We’ve heard reports that messages went to junk or spam folders. To avoid this in the future, please set rules that allow ConnectWise communication to hit your primary inbox – add no-reply@connectwise.com to your safe sender list to ensure these important communications are delivered to your inbox.

In addition, please update your primary contact details by reaching out to your dedicated account manager. You can also ensure your email preferences are correctly configured in our online self-service ConnectWise Profile and Preference Center. Learn more here.

If you have confirmed that your primary contact information is accurate and you are still not receiving emails from our system, we kindly request that you share the primary contact email with us for further investigation.

Why was my cloud-hosted ScreenConnect showing a version older than 23.9.8 when the security advisory said we had already been updated?
We apologize for any confusion. For cloud-hosted partners, including RMM/Command partners, while we communicated that there was no action needed, many believed they were still vulnerable because their ScreenConnect was showing a version older than 23.9.8. We took action to remediate the vulnerability for all cloud partners, but because partners did not have the new version installed, they thought they were still vulnerable. We rolled out full version upgrades to resolve this. Again, we apologize for any confusion and inconvenience our original message may have caused.

Why did my cloud-hosted ScreenConnect instance have downtime on February 21?
Some of our cloud-hosted partners (including RMM/Command partners) were concerned they were possibly compromised due to a brief downtime on February 21. This was due to an accelerated rollout of the formal patch version (23.9) to put us back on a proper release schedule. The average downtime for this was around 10 minutes.

How do I know what version of ScreenConnect I am eligible for?
Check your Status/Overview page and review the Version Check. Review the Latest Eligible Version row; this will detail the latest version of ScreenConnect that your license permits you to upgrade to. Partners no longer under maintenance are eligible to install version 22.4 at no additional cost, which will fix CVE-2024-1709, the critical vulnerability. However, this should be treated as an interim step. ConnectWise recommends updating to the latest release to get all the current security patches and therefore all partners should upgrade to 23.9.8 or higher using the upgrade path outlined above. For instructions on how to renew your license, please click here or contact our sales team at screenconnectsales@connectwise.com.

What happens once I have patched to a remediated version?
Once you have patched your on-prem instance of ScreenConnect to the latest version, you should review users with access to ScreenConnect™, remove any that are not recognized, change passwords, and enable MFA. If you are using any extensions, please validate them and remove/add them again. Once all steps are completed, restart the server.

Do these vulnerabilities directly affect ScreenConnect clients?
ScreenConnect clients are not directly impacted by this issue. This is because the identified vulnerabilities involve an authentication bypass and path traversal issues within the server software itself (unpatched ScreenConnect instances version 23.9.7 and below), rather than any vulnerabilities within the client software that is installed on end-user devices. While updating the clients is always recommended, it is not required to mitigate or protect against this issue.