TL;DR: Self-hosted ScreenConnect instances can be logged into by an unauthenticated attacker, giving them access to the connected computers. ScreenConnect servers should be patched immediately.
The details: ConnectWise disclosed an authentication bypass in ScreenConnect servers and rated it CVSS 10 (Critical). Bypassing the login gives attackers system-level access. ConnectWise has patched the servers it hosts, but customers who host their own ConnectWise ScreenConnect server need to patch to version 23.9.8 immediately.
Why we are telling you: This vulnerability is very simple. We anticipate that once the exact details are public it will be used by attackers.
Immediate recommendations:
- If you run a ConnectWise ScreenConnect server on-premises, update it to ScreenConnect server version 23.9.8
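One way to triage which self-hosted servers still need this update, as an added example that is not part of the original alert or ConnectWise's tooling: compare each recorded server version against the fixed version 23.9.8 named above. The inventory, host names and build numbers below are constructed sample data; ScreenConnect reports four-part versions (e.g. 23.9.7.8804), so the comparison pads to equal length and compares numerically rather than as strings.

```python
"""Triage a constructed inventory of self-hosted ScreenConnect servers against
the patched version from the bulletin (added example, not vendor code)."""
from typing import List, Tuple

FIXED_VERSION = "23.9.8"  # patched ScreenConnect server version from the bulletin


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '23.9.7.8804' into (23, 9, 7, 8804); reject non-numeric parts."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when installed >= fixed, compared component by component.

    A four-part build such as '23.9.8.8811' counts as 23.9.8 (patched), and
    '23.9.10' sorts above '23.9.8' because parts are compared as integers,
    not as text (a plain string compare would get that wrong).
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def hosts_needing_patch(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the host names whose server version is below the fixed version."""
    return [host for host, version in inventory if not is_patched(version)]


# Constructed sample inventory: (host name, installed server version)
SAMPLE_INVENTORY = [
    ("sc-prod-01", "23.9.7.8804"),  # one release behind the fix -> needs patch
    ("sc-prod-02", "23.9.8.8811"),  # a 23.9.8 build -> patched
    ("sc-lab-01", "22.8.9"),        # older branch -> needs patch
    ("sc-lab-02", "23.9.10.8817"),  # constructed later build -> patched
]

if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: update to ScreenConnect server {FIXED_VERSION}")
```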
More Info / References:
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8