What is the CVSS score of CVE-2024-1708?

CVE-2024-1708 has a CVSS 3.1 base score of 8.4 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 53.7%.

Which versions of ConnectWise ScreenConnect are affected by CVE-2024-1708?

ConnectWise ScreenConnect versions 23.9.7 and earlier contain a path traversal vulnerability enabling administrative users to execute arbitrary code and exfiltrate sensitive data.

Is there a public PoC exploit available for CVE-2024-1708?

Yes, a public proof-of-concept exploit is available for CVE-2024-1708. Prioritise patching immediately. EPSS: 53.7%.

How to fix or mitigate CVE-2024-1708?

Within 24 hours: catalog all ScreenConnect deployments and document versions; isolate affected systems from critical business networks. Within 7 days: contact ConnectWise Support regarding patch status and upgrade timeline; if patch unavailable, restrict ScreenConnect administrative console network access to designated IP ranges and enforce MFA on all administrator accounts. Within 30 days: apply released patch when available or implement contingency plan using alternative remote access solution; conduct forensic review of administrative logs on affected systems for evidence of exploitation.

ConnectWise ScreenConnect CVE-2024-1708

HIGH

Path Traversal (CWE-22)

2024-02-21 9119a7d8-5eab-497f-8521-727c672e3725

Path Traversal

8.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Added to CISA KEV

Apr 28, 2026 - 19:32 CISA

DescriptionNVD

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker

the ability to execute remote code or directly impact confidential data or critical systems.

AnalysisAI

Path traversal in ConnectWise ScreenConnect 23.9.7 and earlier enables attackers with administrative privileges to write files outside intended directories, leading to remote code execution or direct compromise of confidential data and critical systems. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, and the EPSS score of 53.66% (98th percentile) reflects extremely high real-world exploitation activity. It was disclosed alongside the more severe CVE-2024-1709 authentication bypass, which together formed a widely abused exploit chain against ScreenConnect on-premises servers in early 2024.

Technical ContextAI

ConnectWise ScreenConnect is a widely deployed remote support and remote access platform commonly used by managed service providers (MSPs) and IT teams to administer end-user systems. The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), where the application fails to properly sanitize user-supplied path components, allowing attackers to traverse the filesystem and write files into arbitrary locations such as the ScreenConnect web application directory. Because ScreenConnect serves .ashx and other executable handlers from its install directory, writing an attacker-controlled file into that path translates directly into code execution under the service account. The CPE cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:* covers all ScreenConnect product versions up to and including 23.9.7.

RemediationAI

Patch available per vendor advisory - upgrade self-hosted ScreenConnect to version 23.9.8 or later immediately, as ConnectWise released the fixed build to address both this path traversal and the companion authentication bypass CVE-2024-1709. Cloud-hosted (screenconnect.com) tenants were patched automatically by ConnectWise. If patching cannot be performed immediately, restrict network access to the ScreenConnect management web interface to a trusted management VLAN or VPN-only segment (this breaks remote technician access from arbitrary networks but stops external exploitation), and audit the App_Extensions directory and recent file writes for unexpected .aspx/.ashx artifacts indicative of post-exploitation webshells. After patching, rotate ScreenConnect admin credentials, review installed extensions, and hunt for indicators of compromise published by Huntress, Mandiant, and CISA, since active exploitation predates many organizations' patching windows.

CVE-2024-1708 vulnerability details – vuln.today

Back

ConnectWise ScreenConnect CVE-2024-1708

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code