ConnectWise ScreenConnect Vulnerability Audit – CVE-2024-1709
Discover ScreenConnect Servers Vulnerable to CVE-2024-1708 and CVE-2024-1709 in Your IT Estate
ConnectWise has released a security update for its ScreenConnect remote desktop and access software in response to 2 new vulnerabilities, one of which is critical. CVE-2024-1709 is an authentication bypass using an alternate path or channel vulnerability with a base score of 10. There are also reports that the vulnerabilities are being actively exploited in the wild. They can lead to remote code execution, which in turn can compromise confidential data and critical processes.
ConnectWise urges all users to update all on-premise servers to version 23.9.8 as soon as possible. The report below will give you an overview of all vulnerable ScreenConnect servers in your network. You can read more about this CVE in the ScreenConnect vulnerability blog post.
ScreenConnect Vulnerability Audit Lansweeper On-Prem Query
```sql
-- Lists active Windows assets with ScreenConnect installed in a version below 23.9.8
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  Software.softwareName As Software,
  Software.softwareVersion As Version,
  Software.SoftwarePublisher As Publisher,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  Coalesce(tsysOS.OSname, tblSccmAsset.OsCaption,
    tblSccmAsset.OperatingSystemNameandVersion) As OS,
  tblAssets.Version As OSVersion,
  -- Show the latest scanning error only when it actually carries text
  Case
    When tblErrors.ErrorText Is Not Null And tblErrors.ErrorText != ''
    Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen As [Last successful scan],
  tblAssets.Lasttried As [Last scan attempt]
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  -- ScreenConnect installs per asset, flagged [out of date] when the version is below 23.9.8
  Left Join (Select tblsoftware.assetid,
      tblSoftwareUni.softwareName,
      tblsoftware.softwareVersion,
      Case
        When tblSoftwareUni.softwareName Like '%Screenconnect%' And
          ((Cast(ParseName(tblsoftware.softwareVersion, 4) As int) < 23) Or
           (Cast(ParseName(tblsoftware.softwareVersion, 4) As int) = 23 And
            Cast(ParseName(tblsoftware.softwareVersion, 3) As int) < 9) Or
           (Cast(ParseName(tblsoftware.softwareVersion, 4) As int) = 23 And
            Cast(ParseName(tblsoftware.softwareVersion, 3) As int) = 9 And
            Cast(ParseName(tblsoftware.softwareVersion, 2) As int) < 8))
        Then 1
        Else 0
      End As [out of date],
      tblSoftwareUni.SoftwarePublisher
    From tblsoftware
      Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblsoftware.softID
    Where tblSoftwareUni.softwareName Like '%Screenconnect%' And
      tblSoftwareUni.SoftwarePublisher Like '%Screenconnect%') As Software
    On Software.AssetID = tblAssets.AssetID
  Left Outer Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Outer Join tblSccmAsset On tblAssets.AssetID = tblSccmAsset.AssetId
  -- Most recent scanning error per asset
  Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID) As ScanningError
    On tblAssets.AssetID = ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType
Where Software.softwareName Like '%Screenconnect%' And
  Software.SoftwarePublisher Like '%Screenconnect%' And
  tblState.Statename = 'Active' And
  Software.[out of date] = 1 And
  tblAssets.Assettype = -1 -- Windows assets only
```
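The version test in the report reads the parts with ParseName, which counts from the right: a version string with fewer than four parts makes part 4 NULL, so the asset is scored as not out of date, and a non-numeric part makes Cast fail the whole report. The following standalone T-SQL is an added example, not part of the Lansweeper report. It pads to four parts and uses Try_Cast so that unparseable versions are surfaced for review instead of being dropped. It assumes SQL Server 2012 or later and is meant to be run in a query window; the sample versions and the Status labels are constructed for illustration.

```sql
-- Constructed sample version strings, not taken from any real inventory
With Samples (softwareVersion) As (
    Select v
    From (Values
        ('22.10.10924.8404'),  -- older major version
        ('23.9.7.8804'),       -- one patch level below the fix
        ('23.9.8.8811'),       -- fixed release
        ('23.10.1.1234'),      -- later minor version
        ('23.9.7'),            -- only three parts
        ('23.9.x.1'),          -- non-numeric part
        ('23.9.7.1.2')         -- more than four parts
    ) As t (v)
),
Padded As (
    Select softwareVersion,
        -- Count the dots and append '.0' until there are four parts.
        -- Replicate returns NULL for a negative count, so strings with
        -- more than four parts fall through to manual review.
        softwareVersion + Replicate('.0',
            3 - (Len(softwareVersion) - Len(Replace(softwareVersion, '.', '')))) As v4
    From Samples
),
Parts As (
    Select softwareVersion,
        -- Try_Cast yields NULL instead of raising a conversion error
        Try_Cast(ParseName(v4, 4) As int) As Major,
        Try_Cast(ParseName(v4, 3) As int) As Minor,
        Try_Cast(ParseName(v4, 2) As int) As Patch
    From Padded
)
Select softwareVersion,
    Case
        When Major Is Null Or Minor Is Null Or Patch Is Null
            Then 'review manually'
        -- Same comparison as the report: anything below 23.9.8
        When Major < 23
            Or (Major = 23 And Minor < 9)
            Or (Major = 23 And Minor = 9 And Patch < 8)
            Then 'out of date'
        Else 'patched'
    End As Status
From Parts
Order By softwareVersion;
```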