Cybersecurity Threat Advisory

This blog has been updated with the latest information on how Barracuda XDR has implemented detection mechanisms to help mitigate the two ConnectWise vulnerabilities.

Two critical vulnerabilities have been discovered in on-premises instances of ConnectWise ScreenConnect. These vulnerabilities could result in the compromise of sensitive data, unauthorized system modifications, and potential lateral movement within the network. To minimize your exposure, apply the recommendations from this Cybersecurity Threat Advisory.

What is the threat?

ConnectWise ScreenConnect on-premises versions 23.9.7 and prior have vulnerabilities that malicious actors could potentially exploit. Cloud-based services under “http://screenconnect.com” or “http://hostedrmm.com” are not impacted.

These two vulnerabilities fall under the categories of:

  • Authentication bypass utilizing an alternate path or channel.
  • Improper limitation of a pathname to a restricted directory, commonly referred to as “path traversal”.

Why is it noteworthy?

These critical vulnerabilities may enable attackers to execute remote code or directly affect confidential data and critical systems, magnifying the potential impact on organizations relying on such tools.

What is the exposure or risk?

The vulnerabilities in ScreenConnect versions 23.9.7 and prior pose a significant risk to organizations, as threat actors could successfully exploit remote support tools for unauthorized access. As remote work continues to be prevalent, the exploitation of these vulnerabilities could have far-reaching consequences for organizations relying on such tools. While there is no evidence of exploitation, they still pose a high risk to users.

What are the recommendations?

Barracuda MSP recommends the following actions to safeguard against potential exploits and ensure a secure remote desktop infrastructure:

  • Update ScreenConnect servers to version 23.9.8 immediately to mitigate the potential impact of the vulnerabilities.
  • Implement cybersecurity best practices and stay vigilant.
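
To find which servers still need the update, the triage below applies the advisory's version threshold (23.9.7 and prior are affected, 23.9.8 is fixed) and its cloud exemption to an inventory. It is an added example, not code from Barracuda or ConnectWise; the CSV layout, hostnames and build numbers are constructed assumptions.

```python
import csv
import io

FIXED = (23, 9, 8)  # first fixed release named in the advisory
# Hosted services the advisory lists as not impacted.
CLOUD_SUFFIXES = ("screenconnect.com", "hostedrmm.com")

# Constructed inventory: the CSV layout, hostnames and build numbers are assumptions.
SAMPLE_INVENTORY = """
host,version
support.example.internal,23.9.7
rc01.example.internal,23.9.8
legacy.example.internal,22.10.1.1234
acme.screenconnect.com,23.9.7
msp.hostedrmm.com,23.9.6
notscreenconnect.com,23.9.7
lab.example.internal,unknown
"""

def parse_version(text):
    """Return a tuple of ints, or None if text is not a dotted numeric version."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_cloud_hosted(host):
    """True only for the exact domain or a real subdomain, not a look-alike suffix."""
    host = host.strip().lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in CLOUD_SUFFIXES)

def triage(inventory_csv):
    """Map each host to 'cloud-hosted', 'patched', 'VULNERABLE' or 'unknown-version'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv.strip())):
        host, version = row["host"], parse_version(row["version"])
        if is_cloud_hosted(host):
            results[host] = "cloud-hosted"
        elif version is None:
            results[host] = "unknown-version"  # needs a manual check, never assume patched
        else:
            # Pad "23.9" to 23.9.0; longer build suffixes compare correctly as tuples.
            padded = version + (0,) * (3 - len(version))
            results[host] = "patched" if padded >= FIXED else "VULNERABLE"
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{status:16} {host}")
```

Hosts reported as unknown-version should be checked by hand and treated as unpatched until confirmed.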

How can Barracuda XDR assist?

In addition to the recommendations outlined in this Threat Advisory, Barracuda XDR has taken proactive measures to further protect your organization. We’ve integrated Indicators of Compromise (IOCs) associated with these vulnerabilities into our threat feeds and have implemented detection mechanisms within our Endpoint Security tool. Through the Barracuda XDR Managed Endpoint Security product, we offer real-time alerts for these vulnerabilities and the capability to swiftly quarantine affected devices. Barracuda XDR is dedicated to enhancing your cybersecurity posture and mitigating risks effectively.

If you have any questions regarding this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.


Posted by Sana Ansari

Sana is a Cybersecurity Analyst at Barracuda MSP. She's a security expert, working on our Blue Team within our Security Operations Center. Sana supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
