-
- Select Your Region
- Region Name 1
- Region Name 2
- Region Name 3
- Region Name 4
- Region Name 5
menu
July 02, 2020 - ConnectWise Security Bulletin - ConnectWise Control Phishing Issue
Summary:
Several reports have been received that a number of partners have received phishing emails purporting to take the partner to a fake Control login page and asking for credentials.
Vulnerability Details:
CVSS Score: N/A
Description:
Phishing emails purporting to be ConnectWise Control have been sent to some partners in an attempt to spoof the Control login page and harvest user credentials.
Remediation:
This issue and a corresponding takedown request have been raised with Google who is the hosting provider for the fake url.
Workarounds and Mitigations:
Please validate the URL of any email received from a ConnectWise sender. Please do not click on any unknown links. Please report to your own internal IT/Security team if you have accessed a link similar to this and/or provided credentials.
The attached pictures below highlight what the phishing attempt looks like.
So far, we have verified three fake urls that are the originating domain for the phishing mails but want to stress that there could be additional yet unreported:
ivkpkt.connectwises.org
74gb.connectwises.org
g0vd.connectwises.org
The phishing email link if clicked will take the user to the following fake url:
cloud.screenconnecte.com/#/
June 22, 2020 - ConnectWise Security Bulletin - New Customer Portal
Summary:
ConnectWise is aware of a vulnerability in the New Customer Portal that could potentially allow a remote user to execute modifications within an individual environment. This issue was responsibly disclosed by trusted advisors. There have been no reports of exploitation.
Vulnerability Details:
CVSS Score: 8.4
Description:
A remote user could abuse the account registration process to impersonate a legitimate user and act with their assigned privileges.
Remediation:
Connectwise has remediated the issue in all environments.
As an additional precaution, all ConnectWise SSO accounts will be required to re-validate their registered email addresses.
June 22, 2020 - ConnectWise Security Bulletin - New Customer Portal
Summary:
ConnectWise is aware of a vulnerability in the New Customer Portal that could potentially allow an authenticated user access to that individual Administrative portal tenant. This issue was discovered internally. There has been no indication of exploitation.
Vulnerability Details:
CVSS Score: 6.8
Description:
An authenticated user could potentially forge an authorization header required to access the Admin Portal with the ability to modify to the Customer Portal configuration settings as a Portal Administrator.
Remediation:
ConnectWise has remediated the issue in all environments.
No further action is required.
June 13, 2020 - UPDATE - ConnectWise Automate API Vulnerability
Summary:
This is an update to our previous message noting the hotfix application to address the security vulnerability issue that was communicated on June 12, 2020 and June 10, 2020. ConnectWise identified a need for additional hardening measures to be applied to the hotfixes and these new hotfixes are now available.
Vulnerability Details:
CVSS Score: 7.8
Description:
A remote authenticated user could exploit a vulnerability in a specific Automate API and execute commands and/or modifications within an individual Automate instance.
Remediation:
CLOUD PARTNERS:
- ConnectWise re-applied mitigation steps related to deployment of agent installations to address additional hardening measures and we have applied the updated hotfix – 2020.5.178 – which includes the additional hardening measures.
- With this hotfix, the mitigation that interrupted deployment features were removed.
ON-PREMISE PARTNERS:
- On-premise partners should immediately apply the hotfix listed below based on their instance version.
- 2020.5.178 is available here or the .exe file is here.
- 2020.4.143 is available here or the .exe file is here.
- 2020.3.114 is available here or the .exe file is here.
- 2020.2.85 is available here or the .exe file is here.
- 2020.1.53 is available here or the .exe file is here.
- 2019.12.337 is available here or the .exe file is here.
- 2019.11 or older partners, please ensure you have implemented the mitigation steps described here and we strongly encourage that you update to 2019.12 at a minimum.
June 12, 2020 - UPDATE - ConnectWise Automate API Vulnerability
Summary:
This is an update to our previous message noting the hotfix application to address the security vulnerability issue that was communicated on June 10, 2020. ConnectWise has identified a need for additional hardening measures to be applied to the hotfixes and are currently working to update the fixes accordingly. Updates are expected later today, but we recommend all Automate partners take the following actions listed below.
Vulnerability Details:
CVSS Score: 7.8
Description:
A remote authenticated user could exploit a vulnerability in a specific Automate API and execute commands and/or modifications within an individual Automate instance.
Remediation:
CLOUD PARTNERS:
- ConnectWise has re-applied mitigation steps related to deployment of agent installations to address additional hardening measures that will be applied later today via a new hotfix or patch for partners.
ON-PREMISE PARTNERS:
- 2020.5-2020.1 Partners, please apply the currently available hotfix, linked below based on your version, and then re-implement the mitigation steps described here.
- 2020.5.176 is available here or the .exe file is here.
- 2020.4.142 is available here or the .exe file is here.
- 2020.3.113 is available here or the .exe file is here.
- 2020.2.84 is available here or the .exe file is here.
- 2020.1.52 is available here or the .exe file is here.
- 2019.12 and prior partners, please implement or ensure you have implemented the mitigation steps described here. A hotfix for current version 2019.12 and a patch for prior versions is being made available soon.
June 10, 2020 - ConnectWise Automate API Vulnerability
Summary:
ConnectWise is aware of a vulnerability in a ConnectWise Automate API that could potentially allow a remote user to execute modifications within an individual Automate instance. This affects on-premise and cloud based versions of the product.
Vulnerability Details:
CVSS Score: 7.8
Description:
A remote authenticated user could exploit a vulnerability in a specific Automate API and execute commands and/or modifications within an individual Automate instance.
Remediation:
CLOUD PARTNERS:
- ConnectWise had applied mitigating controls to block any potential exploitation and has applied the hotfix across all environments as of 8:45 pm Eastern Time, June 10, 2020.
ON-PREMISE PARTNERS:
- On-premise partners should immediately consider the mitigating controls detailed here.
- Hotfix for version 2020.5 is available here and the .exe file is here.
- Hotfix for version 2020.4 is available here and the .exe file is here.
- Hotfix for version 2020.3 is available here and the .exe file is here.
- Hotfix for version 2020.2 is available here and the .exe file is here.
- Hotfix for version 2020.1 is available here and the .exe file is here.
- Hotfixes for older versions will be available in the coming days.
- On-going updates on these hotfixes are available here.
February 01, 2020 - ConnectWise Manage API Vulnerability
Summary:
ConnectWise is aware of a vulnerability in a ConnectWise Manage API that could allow a remote unauthenticated user to access information within ConnectWise Manage. This affects on premise and cloud based versions of the product.
Vulnerability Details:
CVSS Score: 5.3
Description:
A specifically crafted API query from an unauthenticated user could return internal configuration information. To use this information further, an authenticated session is required. There are no reports of this vulnerability being exploited in the partner community.
Remediation:
A patch to fix this issue is available in release 2020.2.72499.
