
Critical Vulnerabilities and Exposures: ConnectWise ScreenConnect Software

On February 21, 2024, the American Hospital Association announced that Change Healthcare had been impacted by a security vulnerability in ConnectWise’s ScreenConnect software. ConnectWise has already released patches that remediate these findings. This blog post provides an overview of steps you can take to protect your organization and your third-party network, as well as a summary of our investigation and mitigation efforts.

Description

ScreenConnect provides remote screen-sharing capabilities that extend operational functionality in cloud and on-prem environments. Many organizations use ScreenConnect; as a result, these vulnerabilities could have widespread implications for organizations of all sizes and industries across the world. Mandiant has already “identified mass exploitation of these vulnerabilities by various threat actors”.

Severity and Impact

CVE-2024-1708 and CVE-2024-1709 have both been given a Critical severity rating. They involve an authentication bypass and directory traversal, which may lead to remote code execution, direct access to restricted, highly sensitive assets, and other harmful actions on a broad scale.

The update contains a fix for a security issue that affects ScreenConnect versions 23.9.7 and earlier.

It is important to quickly assess the impact and risk both internally and within your third-party population. Take action now and follow these steps to assess the potential impact on systems and remediate accordingly.

Step 1: Determine if you are at risk.

  • If you or a third party are running ConnectWise ScreenConnect v.23.9.7 or earlier, the system is vulnerable to these CVEs.
  • To assess whether your third parties are vulnerable, customers can access the “ScreenConnect Vulnerability Response Questionnaire” in the Whistic Platform.

Step 2: Immediately patch systems that have been impacted.

  • Make sure your security team is aware of the vulnerabilities and the recently released patch.
  • According to ConnectWise’s recommendations:
    • If using Cloud, “There are no actions needed by the partner, ScreenConnect servers hosted in “screenconnect.com” cloud or “hostedrmm.com” have been updated to remediate the issue.”
    • If using an on-premise solution, update any vulnerable ScreenConnect instances to v.23.9.8 or higher.
    • If a full upgrade to 23.9.8 or higher is not possible, “ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommend that partners update to ScreenConnect version 23.9.8.”
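As an added example (not part of the original post, and not ConnectWise or Whistic tooling), the following script applies the Step 1 and Step 2 guidance to an inventory of ScreenConnect instances: it compares version numbers numerically against the 23.9.8 fix threshold and maps each record to the advisory's action. The inventory, hostnames, and the field names host/version/hosting are constructed assumptions.

```python
"""Triage a ScreenConnect inventory against the CVE-2024-1708/-1709 guidance.

Added example, not Whistic's or ConnectWise's code. The inventory below is
constructed sample data; field names (host, version, hosting) are assumed.
"""
from typing import Iterable

PATCHED_VERSION = (23, 9, 8)  # first fixed release named in the advisory


def parse_version(version: str) -> tuple[int, ...]:
    """Turn 'v.23.9.7' or '23.9.7' into (23, 9, 7).

    Numeric comparison matters: as plain strings '23.9.10' would sort
    *before* '23.9.8' and a patched host would be flagged as vulnerable.
    """
    parts = version.strip().lstrip("v.").split(".")
    return tuple(int(p) for p in parts)


def is_vulnerable_version(version: str) -> bool:
    """True when the version is 23.9.7 or earlier (the affected range)."""
    return parse_version(version) < PATCHED_VERSION


def recommended_action(host: dict) -> str:
    """Map one inventory record to the action the advisory calls for."""
    hosting = host.get("hosting", "on-prem").lower()
    if hosting == "cloud":
        # screenconnect.com / hostedrmm.com tenants were patched by the vendor.
        return "no action: vendor-hosted, already remediated"
    if is_vulnerable_version(host["version"]):
        return "PATCH NOW: upgrade to 23.9.8 or later"
    return "patched: no action required"


def triage(inventory: Iterable[dict]) -> dict[str, str]:
    """Return {host: action} for every record in the inventory."""
    return {h["host"]: recommended_action(h) for h in inventory}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "sc-prod-01", "version": "23.9.7", "hosting": "on-prem"},
    {"host": "sc-prod-02", "version": "23.9.10", "hosting": "on-prem"},
    {"host": "sc-legacy", "version": "22.4.1", "hosting": "on-prem"},
    {"host": "sc-tenant", "version": "23.9.7", "hosting": "cloud"},
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {action}")
```

A vendor-supplied patched build of an older branch (22.4 through 23.9.7, as mentioned above) cannot be told apart by version number alone with this check, so confirm such hosts against ConnectWise's release notes.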

Does this affect Whistic?

As a result of our investigation, we have determined that these vulnerabilities (CVE-2024-1708 and CVE-2024-1709) do not directly impact Whistic. Whistic does not use ConnectWise’s ScreenConnect service, nor have we identified any of our third parties that use the impacted service. We have a structured approach to vulnerability identification and remediation, supported by tooling that minimizes exposure and allows us to rapidly address security concerns.
