Advisory 54: Vulnerability for Fortinet FortiOS Out-of-Bound Write Vulnerability.
Release Date: 23rd of February 2024
Impact : HIGH / CRITICAL
TLP Rating: Clear 
CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.
What is it?
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass using an Alternate Path or Channel vulnerability. Authentication Bypass using an alternative path sim means a product requires authentication, but with the vulnerability affecting the system, it now has an alternative path or the authentication is bypassed.
What are the Systems affected?
ScreenConnect 23.9.7 and prior
What this means?
The vulnerability may allow the attacker (s) direct access to confidential information or critical systems and compromise the systems.
Mitigation process
It is strongly recommended to immediately apply patching of any ConnectWise software to version 23.9.8
This applies to all on-premise versions of ScreenConnect 23.9.7 and below.
Administrators to block any incoming traffic by the following Indicators of Compromise (IOCs) as the below IP addresses have been used by threat actors.
IOCs:
- 133.5.15
- 133.5.14
- 69.65.60
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-1709
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
- Download advisory (English): CVE-2024-1708 & CVE-2024-1709 Vulnerabilities on ConnectWise