Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities affecting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities are being actively targeted, necessitating immediate attention from IT professionals.

Key Points

• CISA added vulnerabilities from ConnectWise ScreenConnect and Microsoft Windows to the KEV catalog.
• The ConnectWise ScreenConnect vulnerability is identified as CVE-2024-1708.
• CVE-2024-1708 is a path traversal vulnerability with a CVSS score of 8.4.
• Evidence of active exploitation prompted the inclusion of these vulnerabilities in the KEV catalog.

Analysis

The inclusion of these vulnerabilities in the KEV catalog underscores the critical nature of these security flaws, particularly given the active exploitation. The CVE-2024-1708 vulnerability in ConnectWise ScreenConnect, with a high CVSS score of 8.4, poses a significant risk to systems if not promptly addressed. IT professionals should prioritize patching these vulnerabilities to mitigate potential security breaches.

Conclusion

IT professionals should immediately assess their systems for the presence of these vulnerabilities and apply necessary patches or mitigations to protect against potential exploits.