CVE-2024-1708

HIGH

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.

CVSS v3.1 Score

8.4

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 2/21/2024Modified: 4/28/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (6)

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8Vendor Advisory https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypassExploitThird Party Advisory https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8Vendor Advisory https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypassExploitThird Party Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1708US Government ResourceThird Party Advisory https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/Technical Description