Threat Intelligence / CVE / CVE-2024-1708
CVE-2024-1708
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Weaknesses (CWE)
CWE-22
Threats tracking this CVE
- Storm-1175 Medusa Ransomware Zero-Day Exploitation Campaign (CVE-2026-23760, CVE-2025-10035) — CRITICAL
References
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Full detection coverage & IOCs for threats exploiting CVE-2024-1708 are available via the Threadlinqs MCP server (Purple tier). View plans →