February 21, 2024

Align Threat Intelligence Advisory: Exploitation of ConnectWise ScreenConnect

by: Align

Cybersecurity Risk Overview:

On February 20th, ConnectWise confirmed that two recently disclosed vulnerabilities in ScreenConnect are actively being exploited. These vulnerabilities are identified as CVE-2024-1709 (CVSS: 10), an Authentication bypass, and CVE-2024-1708 (CVSS: 8.4), a Path Traversal issue. Both vulnerabilities affect ScreenConnect versions 23.9.7 and earlier. If exploited, they could enable remote and unauthenticated threat actors to execute code, potentially compromising sensitive data and critical systems.

Our Response Strategy:

ConnectWise reassures that cloud-hosted environments, such as the one utilized by Align, are shielded from this issue. Furthermore, ConnectWise has promptly upgraded our ScreenConnect solution to the latest version to mitigate any potential risks.

Additional Information: 

It should be noted that response measures are currently solely necessary for on-premise/self-hosted ScreenConnect servers.

Align utilizes ScreenConnect servers hosted in the 'screenconnect.com' cloud. These servers have already undergone updates and do not necessitate further remediation actions.

Do you have further other cybersecurity concerns? 

If so, we advise you to contact the Align Managed Services team at help@align.com or via phone at +1 855-IT-ALIGN (1-855-482-5446)

Thank you,

The Align Team

Account Management Team email: AccountMGMT@align.com
Align Managed Services Team email: help@align.com 
Cyber Team email - cyber@align.com
Alex Bazay, CISO - abazay@align.com
Dan Lyons, Sales and Business Development - dlyons@align.com
Phone: 1 855-IT-ALIGN (1-855-482-5446)

Continue Reading

Related Articles


“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC