Home / os / blackberry
ConnectWise ScreenConnect 23.9.7 Unauthenticated Remote Code Execution
Posted on 24 February 2024
This Metasploit module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve remote code execution by uploading a malicious extension module. All versions of ScreenConnect version 23.9.7 and below are affected.