[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-1708":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-29T07:22:50.275Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":73,"duplicate_of":9,"upstream":74,"downstream":75,"duplicates":76,"related":77,"reserved_at":9,"published_at":78,"modified_at":79,"state":80,"summary":81,"references_raw":90,"kevs":113,"epss":124,"epss_history":126,"metrics":358,"affected":366},"CVE-2024-1708","ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker \n\nthe ability to execute remote code or directly impact confidential data or critical systems.\n\n",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[41,50],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_B73DA2C3FDA7DEAF","Exploit Reference (huntress.com)","reference","https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass","unknown",0.2,false,[],{"_key":51,"name":52,"source":53,"url":54,"maturity":55,"reliability_score":56,"verified":57,"type":58,"platforms":59,"requires_auth":57,"exploitdb":9,"metasploit":60},"MSF_EXPLOIT_MULTI_HTTP_CONNECTWISE_SCREENCONNECT_RCE_CVE_2024_1709","ConnectWise ScreenConnect Unauthenticated Remote Code Execution","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/multi/http/connectwise_screenconnect_rce_cve_2024_1709.rb","weaponized",1,true,"remote",[],{"fullname":61,"rank":62,"rank_name":63,"post_auth":57,"check":57,"notes":64},"exploit/multi/http/connectwise_screenconnect_rce_cve_2024_1709",600,"excellent",{"Stability":65,"SideEffects":67,"Reliability":71},[66],"crash-safe",[68,69,70],"ioc-in-logs","config-changes","account-lockouts",[72],"repeatable-session",[],[],[],[],[],"2024-02-21T15:29:10.091Z","2026-04-29T03:55:27.225Z","Analyzed",{"cisa_kev":57,"cisa_ransomware":48,"cisa_vendor":82,"epss_severity":83,"epss_score":84,"severity":85,"severity_score":86,"severity_version":87,"severity_source":88,"severity_vector":89,"severity_status":80},"ConnectWise","critical",0.53657,"high",8.4,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",[91,97,102,107],{"url":92,"sources":93,"tags":95},"https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8",[88,94],"nvd",[96],"Vendor Advisory",{"url":45,"sources":98,"tags":99},[88,94],[100,101],"Exploit","Third Party Advisory",{"url":103,"sources":104,"tags":105},"https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/",[88,94],[101,106],"Technical Description",{"url":108,"sources":109,"tags":110},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1708",[88,94],[111,112,101],"Government Resource","US Government Resource",[114],{"source":115,"vendor":82,"product":116,"date_added":117,"vulnerability_name":118,"short_description":119,"required_action":120,"due_date":121,"known_ransomware_campaign_use":122,"notes":123,"exploitation_type":9},"cisa","ScreenConnect","2026-04-28","ConnectWise ScreenConnect Path Traversal Vulnerability","ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-05-12","Unknown","https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708",{"date":117,"score":84,"percentile":125},0.98001,[127,131,134,136,139,142,144,146,149,152,155,157,160,162,165,169,171,174,178,180,182,184,187,190,193,195,197,199,202,204,207,209,212,214,216,218,220,223,226,229,232,235,237,240,243,246,248,251,253,256,258,260,263,266,269,271,274,276,279,282,284,286,289,293,296,299,301,304,306,309,311,314,317,319,321,323,325,327,329,331,334,337,340,343,345,347,349,351,353,355],{"date":128,"score":129,"percentile":130},"2025-11-04",0.51965,0.97767,{"date":132,"score":129,"percentile":133},"2025-11-05",0.97768,{"date":135,"score":129,"percentile":133},"2025-11-06",{"date":137,"score":129,"percentile":138},"2025-11-07",0.97769,{"date":140,"score":129,"percentile":141},"2025-11-08",0.9777,{"date":143,"score":129,"percentile":141},"2025-11-09",{"date":145,"score":129,"percentile":141},"2025-11-10",{"date":147,"score":129,"percentile":148},"2025-11-11",0.97771,{"date":150,"score":129,"percentile":151},"2025-11-12",0.97775,{"date":153,"score":129,"percentile":154},"2025-11-13",0.97776,{"date":156,"score":129,"percentile":154},"2025-11-14",{"date":158,"score":129,"percentile":159},"2025-11-15",0.97773,{"date":161,"score":129,"percentile":159},"2025-11-16",{"date":163,"score":129,"percentile":164},"2025-11-17",0.97774,{"date":166,"score":167,"percentile":168},"2025-11-18",0.76932,0.99035,{"date":170,"score":167,"percentile":168},"2025-11-19",{"date":172,"score":167,"percentile":173},"2025-11-20",0.99036,{"date":175,"score":176,"percentile":177},"2025-11-21",0.52542,0.97803,{"date":179,"score":176,"percentile":177},"2025-11-22",{"date":181,"score":176,"percentile":177},"2025-11-23",{"date":183,"score":176,"percentile":177},"2025-11-24",{"date":185,"score":129,"percentile":186},"2025-11-25",0.97778,{"date":188,"score":129,"percentile":189},"2025-11-26",0.97779,{"date":191,"score":129,"percentile":192},"2025-11-27",0.9778,{"date":194,"score":129,"percentile":189},"2025-11-28",{"date":196,"score":129,"percentile":192},"2025-11-29",{"date":198,"score":129,"percentile":189},"2025-11-30",{"date":200,"score":129,"percentile":201},"2025-12-01",0.97795,{"date":203,"score":129,"percentile":201},"2025-12-02",{"date":205,"score":129,"percentile":206},"2025-12-03",0.97796,{"date":208,"score":129,"percentile":186},"2025-12-04",{"date":210,"score":129,"percentile":211},"2025-12-05",0.97777,{"date":213,"score":129,"percentile":186},"2025-12-06",{"date":215,"score":129,"percentile":189},"2025-12-07",{"date":217,"score":129,"percentile":192},"2025-12-08",{"date":219,"score":129,"percentile":189},"2025-12-09",{"date":221,"score":129,"percentile":222},"2025-12-10",0.97783,{"date":224,"score":129,"percentile":225},"2025-12-11",0.97784,{"date":227,"score":129,"percentile":228},"2025-12-12",0.97787,{"date":230,"score":129,"percentile":231},"2025-12-13",0.97789,{"date":233,"score":129,"percentile":234},"2025-12-14",0.9779,{"date":236,"score":129,"percentile":234},"2025-12-15",{"date":238,"score":129,"percentile":239},"2025-12-16",0.97791,{"date":241,"score":129,"percentile":242},"2025-12-17",0.97794,{"date":244,"score":129,"percentile":245},"2025-12-18",0.97793,{"date":247,"score":129,"percentile":242},"2025-12-19",{"date":249,"score":176,"percentile":250},"2025-12-20",0.97818,{"date":252,"score":176,"percentile":250},"2025-12-21",{"date":254,"score":176,"percentile":255},"2025-12-22",0.97817,{"date":257,"score":176,"percentile":250},"2025-12-23",{"date":259,"score":176,"percentile":250},"2025-12-24",{"date":261,"score":176,"percentile":262},"2025-12-25",0.97819,{"date":264,"score":176,"percentile":265},"2025-12-26",0.9782,{"date":267,"score":176,"percentile":268},"2025-12-27",0.97836,{"date":270,"score":176,"percentile":250},"2025-12-28",{"date":272,"score":176,"percentile":273},"2025-12-29",0.97821,{"date":275,"score":176,"percentile":273},"2025-12-30",{"date":277,"score":176,"percentile":278},"2025-12-31",0.97823,{"date":280,"score":176,"percentile":281},"2026-01-01",0.97844,{"date":283,"score":129,"percentile":262},"2026-01-02",{"date":285,"score":129,"percentile":262},"2026-01-03",{"date":287,"score":129,"percentile":288},"2026-01-04",0.97802,{"date":290,"score":291,"percentile":292},"2026-01-05",0.52122,0.97805,{"date":294,"score":291,"percentile":295},"2026-01-06",0.97806,{"date":297,"score":291,"percentile":298},"2026-01-07",0.97808,{"date":300,"score":291,"percentile":298},"2026-01-08",{"date":302,"score":291,"percentile":303},"2026-01-09",0.97811,{"date":305,"score":291,"percentile":303},"2026-01-10",{"date":307,"score":291,"percentile":308},"2026-01-11",0.97809,{"date":310,"score":291,"percentile":303},"2026-01-12",{"date":312,"score":291,"percentile":313},"2026-01-13",0.97812,{"date":315,"score":291,"percentile":316},"2026-01-14",0.97816,{"date":318,"score":291,"percentile":255},"2026-01-15",{"date":320,"score":291,"percentile":262},"2026-01-16",{"date":322,"score":291,"percentile":278},"2026-01-17",{"date":324,"score":291,"percentile":262},"2026-01-18",{"date":326,"score":291,"percentile":262},"2026-01-19",{"date":328,"score":291,"percentile":265},"2026-01-20",{"date":330,"score":291,"percentile":265},"2026-01-21",{"date":332,"score":291,"percentile":333},"2026-01-22",0.97822,{"date":335,"score":291,"percentile":336},"2026-01-23",0.97826,{"date":338,"score":291,"percentile":339},"2026-01-24",0.97827,{"date":341,"score":291,"percentile":342},"2026-01-25",0.97825,{"date":344,"score":291,"percentile":339},"2026-01-26",{"date":346,"score":291,"percentile":339},"2026-01-27",{"date":348,"score":291,"percentile":336},"2026-01-28",{"date":350,"score":291,"percentile":339},"2026-01-29",{"date":352,"score":291,"percentile":339},"2026-01-30",{"date":354,"score":291,"percentile":336},"2026-01-31",{"date":356,"score":291,"percentile":357},"2026-02-01",0.97846,[359,364],{"source":88,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":360,"cvss_v4_0":9},{"baseScore":86,"baseSeverity":361,"vectorString":89,"impactScore":362,"exploitabilityScore":363},"HIGH",10,4.4,{"source":94,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":365,"cvss_v4_0":9},{"baseScore":86,"baseSeverity":361,"vectorString":89,"impactScore":362,"exploitabilityScore":363},[367],{"ecosystem":9,"name":116,"vendor":368,"product":369,"cpe_part":370,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":371},"connectwise","screenconnect","a",[372,377],{"version":373,"is_range":57,"range_type":374,"version_start":9,"version_start_type":9,"version_end":375,"version_end_type":376,"fixed_in":9},"lt23.9.8","cpe","23.9.8","excluding",{"version":378,"is_range":57,"range_type":88,"version_start":9,"version_start_type":9,"version_end":379,"version_end_type":380,"fixed_in":9},"\u003C= 23.9.7 ","23.9.7 ","including"]