CVE-2024-1708
Improper limitation of a pathname to a restricted directory (“path traversal”)
In short
ConnectWise ScreenConnect versions 23.9.7 and earlier contain a path-traversal flaw that lets attackers access files outside intended directories, potentially leading to remote code execution or exposure of sensitive data.
Technical detail
A path-traversal vulnerability in ConnectWise ScreenConnect ≤23.9.7 allows an unauthenticated or low-privileged attacker to escape directory restrictions and read or write arbitrary files on the system. Exploitation could lead to remote code execution or unauthorized access to confidential data and critical system resources.
Summary generated and translated by AI from the official description.
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Affected products
ConnectWise · ScreenConnect
References
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1708
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/