CVE-2024-1708
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
21/02/2024
Last modified:
28/04/2026
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker <br />
<br />
the ability to execute remote code or directly impact confidential data or critical systems.<br />
<br />
Impact
Base Score 3.x
8.40
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:* | 23.9.8 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1708
- https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/