🔴 CVE-2024-1708

CVE-2024-1708 is a critical path traversal vulnerability in ConnectWise ScreenConnect that enables remote code execution on internet-facing remote access servers. This vulnerability is actively exploited in the wild and listed in CISA KEV.

← Back to Overview
HIGH_RISK
Risk Level
8.4
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
VERY_HIGH
Deployment Risk
Yes (+37d)
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-02-21

Added to CISA KEV: 2026-04-28 797 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-1708 is a high-severity path traversal vulnerability (specifically a "Zip Slip" flaw) affecting ConnectWise ScreenConnect (now ConnectWise Access) [1]. It is widely recognized as part of the "SlashAndGrab" exploit chain, which also involved an authentication bypass vulnerability (CVE-2024-1709) [3].

Key Details
FeatureDescription
Vulnerability TypePath Traversal (CWE-22) / "Zip Slip" [1]
Affected VersionsConnectWise ScreenConnect 23.9.7 and prior [6]
ImpactRemote Code Execution (RCE), unauthorized file/directory access, and potential compromise of critical systems [5]
Patch StatusFixed in version 23.9.8 [3]
Exploitation and Threat Landscape
  • Active Exploitation: The vulnerability was subject to widespread, active exploitation in the wild shortly after its disclosure in February 2024 [2] [4].
  • Attack Method: The flaw exists in the `ZipDirectory.ExtractToDirectory` method used for installing extensions. Attackers could upload a malicious `.zip` archive containing files with "dot-dot-slash" (`../`) sequences, allowing them to write files outside the intended directory [1].
  • Requirements: While the vulnerability itself is a path traversal, it was frequently used in conjunction with CVE-2024-1709 (an authentication bypass) to achieve full RCE on the instance [4].
  • Usage in Campaigns: The vulnerability was heavily leveraged by threat actors for post-exploitation activities, including the deployment of ransomware and other malicious payloads, following the initial compromise of ScreenConnect instances [2].
  • Proof-of-Concept: Security researchers, including those at Huntress, successfully recreated proof-of-concept exploits shortly after the vulnerability was disclosed to demonstrate its impact [3].

Sources

  1. CVE-2024-1708 (ScreenConnect Zip Slip) Vulnerability - Huntress

    CVE-2024-1708 is a Path Traversal vulnerability, specifically a "Zip Slip" flaw, within the ScreenConnect extension handling mechanism. Normally ... CVE-2024-1708 technical description The vulnerability exists in the ZipDirectory.ExtractToDirectory method used by the application to install extension…

  2. SlashAndGrab: ScreenConnect Post-Exploitation in the... | Huntress

    Adversaries have been VERY busy in the wake of the ScreenConnect vulnerabilities (CVE-2024-1709 & CVE-2024-1708). Here’s all the post-exploitation details, tradecraft, and tactics we’ve observed so far!In previous posts, we shared the details of this vulnerability, its exploit, and shared detection…

  3. ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708

    Glitch effect. On February 19, 2024, ConnectWise published a security advisory for ScreenConnect version 23.9.8, referencing two vulnerabilities and software weaknesses. The same day, Huntress researchers worked to understand this threat and successfully recreated a proof-of-concept exploit demonstr…

  4. ConnectWise ScreenConnect - CVE-2024-1709 & CVE-2024-1708

    CVE-2024-1708 is a high-severity path traversal vulnerability affecting the same ScreenConnect versions as CVE-2024-1709. Once CVE-2024-1709 is ... CVE-2024-1708 is a high-severity path traversal vulnerability affecting the same ScreenConnect versions as CVE-2024-1709. Once CVE-2024-1709 is exploite…

  5. CVE-2024-1708: ConnectWise ScreenConnect Path Traversal

    CVE-2024-1708 Overview ConnectWise ScreenConnect 23.9.7 and prior versions are affected by a path traversal vulnerability (CWE-22) that may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. This vulnerability poses significant risks to org…

  6. CVE-2024-1708 Detail - NVD

    ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code.

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed