CVE-2024-1709 | Authentication bypass using an alternate path or channel
Exp
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Conclusion & alert: CVE-2024-1709 is rated Critical Active Threat (100/100): CVSS Critical severity, with high exploitation likelihood (EPSS 99.96%, 100th percentile).Core evidence: CISA KEV confirms active exploitation (added 2024-02-22) affecting ConnectWise / ScreenConnect. a weakness (CWE-288) Unauthenticated remote administrative access may be possible. EPSS rose +5.61% over the last day, indicating growing attacker interest.Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2024-1709
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).