Skip to main content
All vulnerabilities
CVE-2024-1708 Known ransomware use CVSS 8.4

ConnectWise ScreenConnect Path Traversal Vulnerability

ConnectWiseScreenConnect

Added to KEV catalog
28 April 2026
Federal remediation due date
12 May 2026
Weakness classification (CWE)
CWE-22

AI Breakdown

What it is

ConnectWise ScreenConnect has a path traversal vulnerability, CVE-2024-1708, affecting versions 23.9.7 and prior. This flaw allows an attacker to access unauthorized areas of the system by manipulating file paths. Through this, they can potentially execute malicious code remotely or directly compromise confidential data and critical systems.

Why it matters

This vulnerability is highly critical because it is currently being exploited in known ransomware campaigns. Attackers are actively using this flaw to gain unauthorized access, which can lead to severe data breaches, system disruption, and costly recovery efforts. The immediate threat of ransomware makes urgent action essential for all organizations.

Recommended action

The most critical step is to immediately apply any available patches from ConnectWise or follow their recommended mitigation instructions without delay. If patches or effective mitigations are not available, it is strongly advised to discontinue the use of the ConnectWise ScreenConnect product. This proactive measure is vital to protect your systems from active exploitation.

AI-generated from CISA and NVD data — treat as a starting point, not a substitute for your own risk assessment.

CISA Description

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708

NVD Technical Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services