CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability
Summary
A path traversal vulnerability, identified as CVE-2024-1708, has been discovered in ConnectWise ScreenConnect. The flaw could enable attackers to execute code remotely or compromise sensitive data and essential systems. Organizations are urged to apply vendor-provided mitigations, or to cease using the product if no mitigations are available.
IFF Assessment
This vulnerability allows for remote code execution and access to confidential data, posing a significant threat to defenders.
Severity
This score reflects the potential for critical impact, including full system compromise and data theft, coupled with a likely exploitable path traversal mechanism that bypasses authorization controls.
CISA KEV: Listed as actively exploited. Federal patch due: May 12, 2026. Known ransomware use: Unknown.
Defender Context
This critical vulnerability makes a widely used remote access tool a prime target for threat actors. Defenders must prioritize patching or applying mitigations for ConnectWise ScreenConnect immediately to prevent potential ransomware deployment or data exfiltration campaigns.