
ConnectWise ScreenConnect Vulnerability Audit – CVE-2024-1709

Software Vulnerability

Discover ScreenConnect Servers Vulnerable to CVE-2024-1708 and CVE-2024-1709 in Your IT Estate

ConnectWise has released a security update for its ScreenConnect remote desktop and access software in response to two new vulnerabilities, one of which is critical. CVE-2024-1709 is an authentication bypass using an alternate path or channel, with a base score of 10. There are also reports that the vulnerabilities are being actively exploited in the wild. They can lead to remote code execution, which can in turn compromise confidential data and critical processes.

ConnectWise urges all users to update all on-premises servers to version 23.9.8 as soon as possible. The report below gives you an overview of all vulnerable ScreenConnect servers in your network. You can read more about this CVE in the ScreenConnect vulnerability blog post.

ScreenConnect Vulnerability Audit Report

ScreenConnect Vulnerability Audit Lansweeper On-Prem Query

Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  Software.softwareName As Software,
  Software.softwareVersion As Version,
  Software.SoftwarePublisher As Publisher,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  Coalesce(tsysOS.OSname, tblSccmAsset.OsCaption,
  tblSccmAsset.OperatingSystemNameandVersion) As OS,
  tblAssets.Version As OSVersion,
  -- Show a scanning error only when the error text is present and non-empty
  Case
    When tblErrors.ErrorText Is Not Null And
      tblErrors.ErrorText != '' Then
      'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen As [Last successful scan],
  tblAssets.Lasttried As [Last scan attempt]
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  -- ScreenConnect installations, flagged when older than the fixed version 23.9.8.
  -- ParseName numbers the dot-separated parts from the right, so for a four-part
  -- version part 4 is the major, part 3 the minor and part 2 the patch number.
  -- Versions without exactly four parts yield NULL here and are not flagged.
  Left Join (Select tblsoftware.assetid,
      tblSoftwareUni.softwareName,
      tblsoftware.softwareVersion,
      Case
        When tblSoftwareUni.softwareName Like '%Screenconnect%' And
          ((Cast(ParseName(tblsoftware.softwareVersion, 4) As int) < 23)
          Or
          (Cast(ParseName(tblsoftware.softwareVersion, 4) As int) = 23 And
          Cast(ParseName(tblsoftware.softwareVersion, 3) As int) < 9)
          Or
          (Cast(ParseName(tblsoftware.softwareVersion, 4) As int) = 23 And
          Cast(ParseName(tblsoftware.softwareVersion, 3) As int) = 9 And
          Cast(ParseName(tblsoftware.softwareVersion, 2) As int) < 8)) Then 1
        Else 0
      End As [out of date],
      tblSoftwareUni.SoftwarePublisher
    From tblsoftware
      Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblsoftware.softID
    Where tblSoftwareUni.softwareName Like '%Screenconnect%' And
      tblSoftwareUni.SoftwarePublisher Like '%Screenconnect%') As Software On
    Software.AssetID = tblAssets.AssetID
  Left Outer Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Outer Join tblSccmAsset On tblAssets.AssetID = tblSccmAsset.AssetId
  -- Most recent scanning error per asset
  Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
    ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
    tblErrors.ErrorType
Where Software.softwareName Like '%Screenconnect%' And
  Software.SoftwarePublisher Like '%Screenconnect%' And tblState.Statename = 'Active'
  And Software.[out of date] = 1 And tblAssets.Assettype = -1
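
To see how the version comparison in this query treats edge cases before relying on the report, the T-SQL below applies the same major/minor/patch test against 23.9.8 to a set of constructed version strings. It is an added example, not part of the Lansweeper report, and it assumes SQL Server 2012 or later because it swaps Cast for Try_Cast, so that versions with missing or non-numeric parts are marked for manual review instead of being skipped or failing the query.

```sql
-- Added example: run the report's version test on constructed sample
-- versions (illustrative values only, not real inventory data).
With Samples As (
    Select v.softwareVersion
    From (Values ('22.10.1.1000'),   -- older major version
                 ('23.8.5.1000'),    -- same major, older minor
                 ('23.9.7.1000'),    -- one patch level below the fix
                 ('23.9.8.1000'),    -- the fixed version
                 ('23.9.10.1000'),   -- patch 10: must compare as a number
                 ('24.1.0.1000'),    -- newer major version
                 ('23.9.7'),         -- only three parts
                 ('23.9.x.1')        -- non-numeric part
         ) As v(softwareVersion)
),
Parts As (
    -- ParseName counts parts from the right: 4 = major, 3 = minor, 2 = patch.
    -- It returns NULL when the string does not contain the requested part,
    -- and Try_Cast returns NULL when a part is not an integer.
    Select softwareVersion,
        Try_Cast(ParseName(softwareVersion, 4) As int) As Major,
        Try_Cast(ParseName(softwareVersion, 3) As int) As Minor,
        Try_Cast(ParseName(softwareVersion, 2) As int) As Patch
    From Samples
)
Select softwareVersion,
    Major,
    Minor,
    Patch,
    Case
        -- Unparseable versions are surfaced rather than silently passed
        When Major Is Null Or Minor Is Null Or Patch Is Null
            Then 'review manually'
        -- Same three-step comparison as the report's [out of date] column
        When Major < 23
          Or (Major = 23 And Minor < 9)
          Or (Major = 23 And Minor = 9 And Patch < 8)
            Then 'out of date'
        Else 'patched'
    End As Verdict
From Parts
Order By Major, Minor, Patch;
```

Rows that come back as 'review manually' correspond to installations the original report would leave out, so they are worth checking by hand.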
