What is the CVSS score of CVE-2024-1709?

CVE-2024-1709 has a CVSS 3.1 base score of 10.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 94.3%.

Is there a public PoC exploit available for CVE-2024-1709?

Yes, a public proof-of-concept exploit is available for CVE-2024-1709. Prioritise patching immediately. EPSS: 94.3%.

How to fix or mitigate CVE-2024-1709?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Vendor patch is available.

CVE-2024-1709

CRITICAL

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

2024-02-21 9119a7d8-5eab-497f-8521-727c672e3725

10.0

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

10.0 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:20 vuln.today

Added to CISA KEV

Feb 26, 2026 - 15:04 cisa

CISA KEV

PoC Detected

Feb 26, 2026 - 15:04 vuln.today

Public exploit code

Patch released

Feb 26, 2026 - 15:04 nvd

Patch available

CVE Published

Feb 21, 2024 - 16:15 nvd

CRITICAL 10.0

DescriptionCVE.org

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel

vulnerability, which may allow an attacker direct access to confidential information or

critical systems.

AnalysisAI

ConnectWise ScreenConnect contains a critical authentication bypass (CVSS 10.0) that allows direct access to the administrative interface, mass-exploited within hours of disclosure for ransomware deployment.

Technical ContextAI

The CWE-288 authentication bypass allows attackers to access the initial setup wizard even after ScreenConnect has been configured. This provides the ability to create new administrator accounts, modify server configuration, and execute code on all connected endpoints.

Affected ProductsAI

ConnectWise ScreenConnect 23.9.7 and prior

RemediationAI

Update ScreenConnect immediately to 23.9.8+. ConnectWise cloud-hosted instances were auto-patched. On-premise instances require manual update. Audit for unauthorized admin accounts. Check all managed endpoints for compromise.

CVE-2024-1709 vulnerability details – vuln.today

Back

CVE-2024-1709

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code