On February 20th, ConnectWise confirmed that two recently disclosed vulnerabilities in ScreenConnect are actively being exploited. These vulnerabilities are identified as CVE-2024-1709 (CVSS: 10), an Authentication bypass, and CVE-2024-1708 (CVSS: 8.4), a Path Traversal issue. Both vulnerabilities affect ScreenConnect versions 23.9.7 and earlier. If exploited, they could enable remote and unauthenticated threat actors to execute code, potentially compromising sensitive data and critical systems.
ConnectWise reassures that cloud-hosted environments, such as the one utilized by Align, are shielded from this issue. Furthermore, ConnectWise has promptly upgraded our ScreenConnect solution to the latest version to mitigate any potential risks.
It should be noted that response measures are currently solely necessary for on-premise/self-hosted ScreenConnect servers.
Align utilizes ScreenConnect servers hosted in the 'screenconnect.com' cloud. These servers have already undergone updates and do not necessitate further remediation actions.
Do you have further other cybersecurity concerns?
If so, we advise you to contact the Align Managed Services team at help@align.com or via phone at +1 855-IT-ALIGN (1-855-482-5446)
Thank you,
The Align Team
Account Management Team email: AccountMGMT@align.com
Align Managed Services Team email: help@align.com
Cyber Team email - cyber@align.com
Alex Bazay, CISO - abazay@align.com
Dan Lyons, Sales and Business Development - dlyons@align.com
Phone: 1 855-IT-ALIGN (1-855-482-5446)