Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Welcome 2026 Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
- Fortinet Community
- Knowledge Base
- FortiNDRCloud
- FortiGuard Outbreak Alert: ConnectWise ScreenConne...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
|
Description |
On Feburary 19,2024, ConnectWise ScreenConnect published a security advisory relating to 2 CVEs: CVE-2024-1708 and CVE-2024-1709
After gaining access to admin account, attackers can exploit CVE-2024-1708 to remotely execute code on vulnerable instances.
ConnectWise recommends updating impacted products to version 23.9.8 or above to remediate these reported vulnerabilities |
|||||||||||||||||||||
|
CVE ID |
CVE-2024-1708 (https://nvd.nist.gov/vuln/detail/CVE-2024-1708) CVE-2024-1709 (https://nvd.nist.gov/vuln/detail/CVE-2024-1709) |
|||||||||||||||||||||
|
NDR Cloud Detection Rule |
The following detection rules detect the exploit used on vulnerable server instances of ConnectWise ScreenConnect:
Customers can use the following detections to identify which devices are running the ConnectWise ScreenConnect Software:
|
|||||||||||||||||||||
|
Playbook |
N/A |
|||||||||||||||||||||
|
Threat hunting |
FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “ConnectWise ScreenConnect Attack” related activities |
|||||||||||||||||||||
|
Suricata Coverage |
Customers can create custom investigation/detections using the Suricata signatures below: 2050988 -> ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - Attempted SetupWizard Auth Bypass CWE-288 (CVE-2024-1709) 2050989 -> ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - Successful SetupWizard Auth Bypass CWE-288 (CVE-2024-1709) 2050990 -> ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - SetupWizard Auth Bypass Vulnerable Version Detected (CVE-2024-1709 CVE-2024-1708) 2050991 -> ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - Attempted User Creation via SetupWizard with Auth Bypass CWE-288 (CVE-2024-1709) 2050992 -> ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - Successful User Creation via SetupWizard with Auth Bypass CWE-288 (CVE-2024-1709) |
|||||||||||||||||||||
|
Other Fortinet Products |
For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to |
Labels:
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2026 Fortinet, Inc. All Rights Reserved.