更新日 : 2024/02/27 00:54
CVSS v2-
CVSS v310
【ConnectWise, Inc. の screenconnect における脆弱性】
2024年2月27日にscreenconnectの脆弱性情報が公開されました。
対応が必要か検討してください。
企業:ConnectWise, Inc.
CVSS v3
参考:CVSSの深刻度レベル
https://jvndb.jvn.jp/ja/contents/2024/JVNDB-2024-002841.html
CVE CVE-2024-1709
https://www.cve.org/CVERecord?id=CVE-2024-1709
NVD CVE-2024-1709
https://nvd.nist.gov/vuln/detail/CVE-2024-1709
CISA Known Exploited Vulnerabilities Catalog CVE-2024-1709
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
関連文書 github.com (pull/18870)
https://github.com/rapid7/metasploit-framework/pull/18870
関連文書 github.com (connectwise-screenconnect_auth-bypass-add-user-poc)
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
関連文書 techcrunch.com (researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit)
https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
関連文書 www.bleepingcomputer.com (connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw)
https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
関連文書 www.connectwise.com (connectwise-screenconnect-23.9.8)
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
関連文書 www.horizon3.ai (connectwise-screenconnect-auth-bypass-deep-dive)
https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
関連文書 www.huntress.com (a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
関連文書 www.huntress.com (detection-guidance-for-connectwise-cwe-288-2)
https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
関連文書 www.huntress.com (vulnerability-reproduced-immediately-patch-screenconnect-23-9-8)
https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
関連文書 www.securityweek.com (connectwise-confirms-screenconnect-flaw-under-active-exploitation)
https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
CWE-Other
https://www.ipa.go.jp/security/vuln/scap/cwe.html
2024/02/27 00:54:00
最終更新日
2024/02/27 00:54:00
もっと見る >>
対応が必要か検討してください。
脆弱性情報の概要
ConnectWise, Inc. の screenconnect には、不特定の脆弱性が存在します。対象製品
製品:screenconnect企業:ConnectWise, Inc.
深刻度(CVSS)
CVSS v2-
10
参考:CVSSの深刻度レベル
| スコア | CVSS v2 | CVSS v3 |
| 9.0~10.0 | 危険 | 緊急 |
| 7.0~8.9 | 危険 | 重要 |
| 4.0~6.9 | 警告 | 警告 |
| 0.1~3.9 | 注意 | 注意 |
| 0 | 注意 | なし |
リンク情報
JVN JVNDB-2024-002841https://jvndb.jvn.jp/ja/contents/2024/JVNDB-2024-002841.html
CVE CVE-2024-1709
https://www.cve.org/CVERecord?id=CVE-2024-1709
NVD CVE-2024-1709
https://nvd.nist.gov/vuln/detail/CVE-2024-1709
CISA Known Exploited Vulnerabilities Catalog CVE-2024-1709
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
関連文書 github.com (pull/18870)
https://github.com/rapid7/metasploit-framework/pull/18870
関連文書 github.com (connectwise-screenconnect_auth-bypass-add-user-poc)
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
関連文書 techcrunch.com (researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit)
https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/
関連文書 www.bleepingcomputer.com (connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw)
https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
関連文書 www.connectwise.com (connectwise-screenconnect-23.9.8)
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
関連文書 www.horizon3.ai (connectwise-screenconnect-auth-bypass-deep-dive)
https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/
関連文書 www.huntress.com (a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
関連文書 www.huntress.com (detection-guidance-for-connectwise-cwe-288-2)
https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
関連文書 www.huntress.com (vulnerability-reproduced-immediately-patch-screenconnect-23-9-8)
https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
関連文書 www.securityweek.com (connectwise-confirms-screenconnect-flaw-under-active-exploitation)
https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
CWE-Other
https://www.ipa.go.jp/security/vuln/scap/cwe.html
日付情報
登録日2024/02/27 00:54:00
最終更新日
2024/02/27 00:54:00
「screenconnect」に関する直近の脆弱性情報
更新日 : 2024/02/27 00:55
ConnectWise, Inc. の screenconnect におけるパストラバーサルの脆弱性
更新日 : 2024/02/27 00:54
ConnectWise, Inc. の screenconnect における脆弱性
