ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool


ConnectWise has urgently patched two critical security vulnerabilities in its ScreenConnect remote desktop access product, including an “authentication bypass using an alternate path or channel” with a maximum CVSS severity score of 10/10. Another bug, involving “improper limitation of a pathname to a restricted directory,” received a CVSS severity score of 8.4/10. While there’s no evidence of in-the-wild exploitation, ConnectWise advises enterprise admins to apply the patches promptly due to the severity and risk of potential exploitation, especially for on-prem or self-hosted customers using affected versions 23.9.7 and earlier.

Read More…