CVE-2024-1709

CRITICALNVD 10.010.0—Trending — 4 sources updated this weekExploited in the wild

10.0

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel

vulnerability, which may allow an attacker direct access to confidential information or

critical systems.

CVSS v3: 10.0
EG Score: 10.0(high)
EPSS: 100.0%
KEV: ⚠ Exploited

Published

February 21, 2024

Last Modified

February 26, 2026

Advisory Details (9)

Auto-updated May 23, 2026

⚠️ Active exploitation confirmed. Patch available.

generic🔴 Active Exploitation

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation - SecurityWeek

https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/

generic🔴 Active Exploitation

Vulnerability Reproduced: Immediately Patch ScreenConnect 23.9.8 | Huntress

https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8

generic🔴 Active Exploitation

Detection Guidance for ConnectWise CWE-288 | Huntress

https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2

generic Patch Available🔴 Active Exploitation

ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708 | Huntress

https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

generic

ConnectWise ScreenConnect: Authentication Bypass Deep Dive | Horizon3.ai

https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/

generic🔴 Active Exploitation

ConnectWise urges ScreenConnect admins to patch critical RCE flaw

https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/

generic🔴 Active Exploitation

Researchers warn high-risk ConnectWise flaw under attack is 'embarrassingly easy' to exploit | TechCrunch

https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/

generic🟡 PoC Available

GitHub - watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc · GitHub

https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc

generic

Unauthenticated RCE exploit module for ConnectWise ScreenConnect (CVE-2024-1709) by sfewer-r7 · Pull Request #18870 · rapid7/metasploit-framework · GitHub

https://github.com/rapid7/metasploit-framework/pull/18870

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-288Authentication Bypass Using an Alternate Path or Channel

Data Freshness Timeline

(refreshed 20× in last 7d / 20× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-06-03 19:09 UTCkev_newly_listed
2026-06-03 18:42 UTCEG score recompute
2026-06-03 18:42 UTCGHSA enrichment
2026-06-03 14:59 UTCEG score recompute
2026-06-03 14:59 UTCGHSA enrichment
2026-06-03 11:15 UTCEG score recompute
2026-06-03 11:15 UTCGHSA enrichment
2026-06-03 07:32 UTCEG score recompute
2026-06-03 07:32 UTCGHSA enrichment
2026-06-03 03:49 UTCEG score recompute
2026-06-03 03:49 UTCGHSA enrichment
2026-06-03 00:06 UTCEG score recompute
2026-06-03 00:06 UTCGHSA enrichment
2026-06-02 20:23 UTCEG score recompute
2026-06-02 20:23 UTCGHSA enrichment
2026-06-02 20:12 UTCepss_batch
2026-06-02 20:12 UTCepss_batch
2026-06-02 18:32 UTCkev_newly_listed
2026-06-02 16:39 UTCEG score recompute
2026-06-02 16:39 UTCGHSA enrichment

Publicly available exploits

(5 references)

Working exploit code is in the public domain (2 Metasploit modules) (2 GitHub PoCs). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.

GitHub PoCHussainFathy/CVE-2024-1709
First seen Feb 23, 2024
A Scanner for CVE-2024-1709 - ConnectWise SecureConnect Authentication Bypass Vulnerability
Open source ↗
GitHub PoCW01fh4cker/ScreenConnect-AuthBypass-RCE
First seen Feb 21, 2024
ScreenConnect AuthBypass(cve-2024-1709) --> RCE!!!
Open source ↗
Metasploitauxiliary/admin/http/screenconnect_setup_makeover✓ verified
First seen Feb 21, 2024
Auth bypass + admin account creation chain on ConnectWise ScreenConnect.
Open source ↗
Metasploitexploit/multi/http/connectwise_screenconnect_rce_cve_2024_1709✓ verified
First seen Feb 19, 2024
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
Open source ↗
Nucleihttp/cves/2024/CVE-2024-1709.yaml
First seen Jan 1, 2024
ConnectWise ScreenConnect 23.9.7 - Authentication Bypass
Open source ↗

Past incidents using this CVE

(1)

This CVE was central to one or more publicly-documented breaches. Each card links to authoritative reporting at the time of the incident.

ConnectWise ScreenConnect attacksFeb 2024
Authentication bypass + path traversal in ConnectWise ScreenConnect remote-access software. Ransomware affiliates (Black Basta, Bl00dy) began mass-exploiting within 48 hours of patch release.
Source: CISA

Frequently asked(6)

What is CVE-2024-1709?

CVE-2024-1709 is a critical vulnerability published on February 21, 2024. ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

When was CVE-2024-1709 disclosed?

CVE-2024-1709 was first published in the National Vulnerability Database on February 21, 2024, with the most recent update on February 26, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2024-1709 actively exploited?

Yes. CISA added CVE-2024-1709 to the Known Exploited Vulnerabilities catalog on February 22, 2024, affecting ConnectWise ScreenConnect. KEV listing indicates confirmed exploitation in the wild; this CVE warrants immediate patching attention.

What is the CVSS score of CVE-2024-1709?

CVE-2024-1709 has a CVSS v3 base score of 10.0 (NVD).

Which products are affected by CVE-2024-1709?

CVE-2024-1709 affects ConnectWise ScreenConnect. The full affected-products list, including version ranges and fixed versions, is shown in the Affected Packages section of this page.

How do I remediate CVE-2024-1709?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2024-1709, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2024-1709

Explore →

Is Your Infrastructure Affected by CVE-2024-1709?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2024-1709

📅 Published

🔄 Last Modified

📋 Advisory Details (9)

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation - SecurityWeek

Vulnerability Reproduced: Immediately Patch ScreenConnect 23.9.8 | Huntress

Detection Guidance for ConnectWise CWE-288 | Huntress

ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708 | Huntress

ConnectWise ScreenConnect: Authentication Bypass Deep Dive | Horizon3.ai

ConnectWise urges ScreenConnect admins to patch critical RCE flaw

Researchers warn high-risk ConnectWise flaw under attack is 'embarrassingly easy' to exploit | TechCrunch

GitHub - watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc · GitHub

Unauthenticated RCE exploit module for ConnectWise ScreenConnect (CVE-2024-1709) by sfewer-r7 · Pull Request #18870 · rapid7/metasploit-framework · GitHub

Weakness Classification(1)

Data Freshness Timeline

Publicly available exploits

Past incidents using this CVE

❓ Frequently asked(6)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2024-1709?

Published

Last Modified

Advisory Details (9)

Frequently asked(6)