Vulnerability intelligence

CVE-2024-1709

ConnectWise ScreenConnect Authentication Bypass Vulnerability

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

CVSS Score

Critical

EPSS — Exploit Probability

94%

Riskier than 100% of all CVEs

Exploitation

Confirmed in the wild

Used in ransomware campaigns

Remediation

Patch available

Federal deadline 2024-02-29

CISA required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2024-02-29.

NVD entry Vendor patch PoC / advisory CISA KEV

1 article across 1 outlet · first covered Apr 29, 2026 · latest Apr 29, 2026

Associated threat actors

APT28

Coverage timeline

CISA Flags Actively Exploited CVE-2024-1708 and Windows Flaw
thehackernews.com · Apr 29, 2026

Related CVEs — ConnectWise

CVE-2024-1708KEV