Enterprise IT software giant ConnectWise has released urgent patches for two critical security defects in its ScreenConnect remote desktop access product, warning there is high risk of in-the-wild exploitation.
A second bug, documented as an improper limitation of a pathname to a restricted directory (path traversal), was also fixed and tagged with a CVSS severity score of 8.4/10. The company says the vulnerabilities were reported a week ago through its public disclosure channel but insists it has seen no evidence of in-the-wild exploitation so far.
Affected versions are ScreenConnect 23.9.7 and prior. The company said the issue is most relevant to on-premises and self-hosted customers, who must apply the update themselves.
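A practical first step for defenders is to sweep an inventory of ScreenConnect installs and flag anything at 23.9.7 or older. The following is an added example, not code from SecurityWeek or ConnectWise. It shows the one pitfall that actually bites in this kind of check: comparing version strings lexically puts "23.10.0" before "23.9.7" and misclassifies a patched build, so versions must be compared as numeric tuples. The hostnames, version strings and hosting flags in the sample inventory are constructed for illustration.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Last affected release per the vendor advisory: 23.9.7 and prior.
LAST_AFFECTED = (23, 9, 7)


def parse_version(version: str) -> Tuple[int, ...]:
    """Parse a dotted version string such as '23.9.8.8811' into a tuple of ints.

    Tuples of ints compare numerically component by component, which is what a
    version comparison needs; raw strings compare character by character.
    """
    cleaned = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", cleaned):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in cleaned.split("."))


def is_affected(version: str) -> bool:
    """True when the reported version is 23.9.7 or older.

    Only the first three components are compared: a build number such as
    23.9.7.8811 is still on the affected 23.9.7 line.
    """
    return parse_version(version)[:3] <= LAST_AFFECTED


def naive_string_check(version: str) -> bool:
    """The WRONG way: a lexical string comparison. Kept here to show the bug;
    '23.10.0' <= '23.9.7' is True because '1' sorts before '9'."""
    return version <= "23.9.7"


# Constructed sample inventory: (hostname, reported version, self-hosted?)
SAMPLE_INVENTORY: List[Tuple[str, str, bool]] = [
    ("sc-prod-01.example.internal", "23.9.7.8811", True),
    ("sc-lab.example.internal", "23.9.8.8811", True),
    ("sc-old.example.internal", "22.8.12.7754", True),
    ("tenant.screenconnect.example", "23.9.7", False),
]


def triage(inventory: Iterable[Tuple[str, str, bool]]) -> Dict[str, List[str]]:
    """Split an inventory into hosts the operator must patch (self-hosted and
    on an affected version) and vendor-hosted tenants on an affected version,
    whose patch state should be confirmed with the vendor rather than assumed.
    """
    result: Dict[str, List[str]] = {"patch_now": [], "confirm_with_vendor": []}
    for host, version, self_hosted in inventory:
        if not is_affected(version):
            continue
        bucket = "patch_now" if self_hosted else "confirm_with_vendor"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

In a real sweep the version strings would come from the ScreenConnect web UI, the installed-programs registry on Windows hosts, or an asset database; the comparison logic is the part worth getting right, and the naive string check is included only to make the failure mode visible.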
The ConnectWise ScreenConnect patches come at a time when the US government is warning about critical risks associated with legitimate remote monitoring and management software.
Enterprise IT service providers use RMM applications to remotely manage client networks and endpoints, but threat actors have been caught abusing these tools to hack into companies to launch ransomware attacks.
In malicious campaigns observed in 2022, threat actors sent phishing emails that led victims to install legitimate RMM software such as ScreenConnect and AnyDesk on their systems, then abused that access for financial gain.
Security defects in ConnectWise software products have previously landed the company on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Published on www.securityweek.com, Tue, 20 Feb 2024 17:43:04 +0000.