Main Vulnerability Database Exploits ID:9564 - Exploit for Path traversal in ScreenConnect - CVE-2024-1708

ID:9564 - Exploit for Path traversal in ScreenConnect - CVE-2024-1708

Published: February 23, 2024

Vulnerability identifier: #VU86689

Vulnerability risk: Low

CVE-ID: CVE-2024-1708

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
ScreenConnect

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/multi/http/connectwise_screenconnect_rce_cve_2024_1709

Vulnerability description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote privileged user can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install update from vendor's website.

ID:9564 - Exploit for Path traversal in ScreenConnect - CVE-2024-1708

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human