# 使用替代路径或通信渠道绕过身份验证
## 漏洞概述
ConnectWise ScreenConnect 23.9.7及之前版本存在通过替代路径或通道绕过认证的漏洞,可能导致攻击者直接访问机密信息或关键系统。
## 影响版本
- 23.9.7及之前版本
## 细节
此漏洞允许攻击者通过替代路径或通道绕过认证机制,从而绕过应有的访问控制。
## 影响
绕过认证机制可能导致未经授权的访问,攻击者可以访问机密信息或关键系统,从而引发安全事件。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | ScreenConnect AuthBypass(cve-2024-1709) --> RCE!!! | https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE | POC详情 |
| 2 | A Scanner for CVE-2024-1709 - ConnectWise SecureConnect Authentication Bypass Vulnerability | https://github.com/HussainFathy/CVE-2024-1709 | POC详情 |
| 3 | CVE-2024-1709 ConnectWise ScreenConnect auth bypass patch WORK 2.0 | https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709 | POC详情 |
| 4 | None | https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass | POC详情 |
| 5 | None | https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708 | POC详情 |
| 6 | Event ID 229 Rule Name SOC262 ScreenConnect Authentication Bypass Exploitation Detected (CVE-2024-1709) | https://github.com/AhmedMansour93/Event-ID-229-Rule-Name-SOC262-CVE-2024-1709- | POC详情 |
| 7 | ScreenConnect AuthBypass Mass RCE | https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709 | POC详情 |
| 8 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-1709.yaml | POC详情 |
| 9 | A Python tool to check & exploit CVE-2024-1708 & CVE-2024-1709 in ConnectWise ScreenConnect | https://github.com/Teexo/ScreenConnect-CVE-2024-1709-Exploit | POC详情 |
暂无评论