CVE-2024-1708NVD

Vulnerability Summary

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker

the ability to execute remote code or directly impact confidential data or critical systems.

Severity Level

HIGH(8.4)

Published Date

Feb 21, 2024

Last Modified

Apr 28, 2026

Exploitation Status

ACTIVE

EPSS Score (30-Day)

85.44%Probability

Root Weakness (CWE)

CWE-22: Path Traversal ↗

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionRequired

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1708
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/