ConnectWise ScreenConnect Security Update Advisory (CVE-2024-1708, CVE-2024-1709)

Feb 22 2024

Overview

An update has been made available to fix vulnerabilities in ConnectWise ScreenConnect. Users of affected versions are advised to update to the latest version.

Affected Products

ConnectWise ScreenConnect 23.9.7 and earlier versions

Resolved Vulnerabilities

Path traversal vulnerability in ConnectWise ScreenConnect (CVE-2024-1708)

Authentication bypass vulnerability in ConnectWise ScreenConnect using an alternate path or channel that allows direct access to confidential information or critical systems (CVE-2024-1709)

Vulnerability Patches

Vulnerability patches were made available in the February 2024 update. Please update to the latest vulnerability patch version as per the reference site.

ConnectWise ScreenConnect version 23.9.8
ConnectWise ScreenConnect versions 22.4 through 23.9.7 (coming soon)

Referenced Sites

[1] CVE-2024-1708 Detail
https:// nvd.nist.gov/vuln/detail/CVE-2024-1708
[2] CVE-2024-1709 Detail
https:// nvd.nist.gov/vuln/detail/CVE-2024-1709
[3] ConnectWise ScreenConnect 23.9.8 security fix
https:// http://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

ConnectWise ScreenConnect Security Update Advisory (CVE-2024-1708, CVE-2024-1709)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Cisco Family February 2024 First Security Update Advisory

BIND DNS Vulnerability Security Update Advisory (CVE-2023-50387)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Cisco Family February 2024 First Security Update Advisory

BIND DNS Vulnerability Security Update Advisory (CVE-2023-50387)