CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Summary
CISA has added two vulnerabilities affecting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog. This inclusion signifies that these flaws are being actively exploited in the wild, prompting immediate attention from organizations to mitigate potential risks.
IFF Assessment
The addition of actively exploited vulnerabilities to CISA's KEV catalog indicates that threat actors are successfully leveraging these flaws, posing a direct and immediate threat to organizations.
Severity
The CVSS score of 8.4 indicates a High severity vulnerability due to its potential for exploitation. This specific flaw (CVE-2024-1708) is a path traversal vulnerability, which can allow attackers to access sensitive files or directories.
CISA KEV: Listed as actively exploited. Federal patch due: May 12, 2026. Known ransomware use: Unknown.
Defender Context
Organizations using ConnectWise ScreenConnect or vulnerable versions of Microsoft Windows must prioritize patching or implementing mitigating controls for CVE-2024-1708 and any other vulnerabilities added to the KEV catalog. Defenders should actively monitor their environments for signs of exploitation and consider threat intelligence feeds that track KEV additions to stay ahead of active threats.