ConnectWise has released a security update addressing two vulnerabilities in on-premise ScreenConnect deployments.
The update addresses a critical authentication bypass vulnerability with a CVSSv3 score of 10 and a path traversal vulnerability with a CVSSv3 score of 8.4. A remote unauthenticated attacker could exploit these vulnerabilities to read arbitrary files, gain root access on the underlying operating system, and execute arbitrary code.
Read more…
Source: NHS Digital