CVE-2024-1708
HIGH · 8.4 KEV EPSS 84.9%KEV-confirmed exploitation; CISA recent addition; defender patching guidance evident.
What: Path-traversal vulnerability in ConnectWise ScreenConnect ≤23.9.7 enabling remote code execution or data breach; CVSS 8.4, EPSS 0.84.
Why it matters: KEV-listed as of 28 April 2026 with confirmed active exploitation in the wild. CISA formally added the flaw four days ago, signaling urgent defender action required across remote-access deployments.
Where it's seen: CISA KEV notice driving global awareness; multilingual security bulletins (English, Japanese) circulating on Bluesky; practitioner alerts advising immediate patching of exposed ScreenConnect instances; low current engagement relative to trending CVEs but high organizational impact.
RISK: CRITICAL — Actively exploited remote-access compromise; KEV-listed; RCE capability; high EPSS.
AttackerKB
view on attackerkb.com →ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
Public PoCs on GitHub 20 repos
- blaCCkHatHacEEkr/PENTESTING-BIBLE ★ 13798
articles
- netlas-io/netlas-dorks ★ 203
A list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to search for IoT elements, protocols, communication tools, remote access, and more. Over time, the list will grow.
- iamrajivd/pentest ★ 179
- W01fh4cker/ScreenConnect-AuthBypass-RCE ★ 109 · Python
ScreenConnect AuthBypass(cve-2024-1709) --> RCE!!!
- watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc ★ 73 · Python
Articles & coverage 14 articles
- CVE-2024-1709 & CVE-2024-1708: ConnectWise ScreenConnect Vulnerability Exploitations
This blog explains how the new ConnectWise ScreenConnect vulnerabilities and their exploitation attacks work, as well as how organizations can defend against possible CVE-2024-1709 and CVE-2024-1708 exploitation attacks. We also strongly suggest simulating the ConnectWise ScreenConnect CVE-2024-1709 **and** CVE-2024-1708 **vulnerabilities** to test the effectiveness of your security controls again
- ConnectWise ScreenConnect: CVE-2024-1708: Security Fix - Rapid7
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or
- Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) - Help Net Security
# Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708). The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect (v2
- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal
# CVE-2024-1708: ConnectWise ScreenConnect Path Traversal. CVE-2024-1708 is a path traversal vulnerability in ConnectWise ScreenConnect 23.9.7 and prior that enables remote code execution and unauthorized data access. ConnectWise ScreenConnect 23.9.7 and prior versions are affected by a path traversal vulnerability (CWE-22) that may allow an attacker the ability to execute remote code or directly
- NVD - cve-2024-1708
Change History 5 change records found show changes **CVE Modified by CVE 11/21/2024 3:51:08 AM** | Action | Type | Old Value | New Value | | --- | --- | --- | --- | | Added | Reference | | ``` https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ``` | | Added | Reference | | ``` https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-scree
› NVD details 1 CWE ·1 vendor · 6 refs expand
Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
References
Top posts driving the trend
- @technoholic.bsky.socialBluesky · 5/2/2026
CISA adds CVE-2024-1708 to KEV: A high-severity (8.4) path traversal flaw in ConnectWise ScreenConnect, actively exploited. Stay updated and secure your systems.
♥ 0 · ↻ 0 · 💬 0 - @getpokemon7.bsky.socialBluesky · 5/2/2026
CISAが、悪用されているConnectWiseとWindowsの脆弱性をKEVに追加 米国のサイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA)は火曜日、 ConnectWise ScreenConnectとMicrosoft Windowsに影響を与える2つのセキュリティ上の欠陥を、実際に悪用されている証拠に基づき、既知の悪用脆弱性(KEV)カタログに追加した。 脆弱性は以下のとおりです。 CVE-2024-1708(CVSSスコア:8.4) - ConnectWise ScreenConnectにおけるパス・トラバーサル脆弱性。攻撃者がリモートコードを実行した...
♥ 0 · ↻ 0 · 💬 1 - @getpokemon7.bsky.socialBluesky · 5/2/2026
米国サイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA)は、Microsoft Windows ShellおよびConnectWise ScreenConnectの脆弱性を既知の悪用された脆弱性カタログに追加した 米国のサイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA)は、 Windows ShellとConnectWise ScreenConnectの脆弱性を、既知の悪用された脆弱性(KEV)カタログに追加した。 ... CVE-2024-1708 (CVSSスコア8.4)ConnectWise ScreenConnectのパストラバーサル脆弱性
♥ 0 · ↻ 0 · 💬 1 - PM@pmloik.bsky.socialBluesky · 5/2/2026
Top 3 CVE for last 7 days: CVE-2026-31431: 403 interactions CVE-2026-41940: 63 interactions CVE-2026-3854: 55 interactions Top 3 CVE for yesterday: CVE-2026-31431: 190 interactions CVE-2026-41940: 31 interactions CVE-2024-1708: 5 interactions
♥ 0 · ↻ 0 · 💬 0 - SO@solomonneasX · 5/1/2026
Cyber watch: 🔴 Gemini CLI host RCE: patch CLI/action, audit tokens. 🔴 ScreenConnect CVE-2024-1708 in KEV: patch exposed remote-access servers. 🟡 Mini Shai-Hulud hits npm/PyPI/PHP: rotate dev secrets. https://t.co/pBWq66uIkZ
♥ 0 · ↻ 0 · 💬 0
