ConnectWise Authentication Bypass

Vulnerability Details:

CVSS Score: 9.2

CWE: 693 – Protection Mechanism Failure

Description:

Inadequate validation of the computer password could potentially allow a remote user to bypass agent authentication in probe communication or agent registration. Subsequently, this could facilitate further exploitation should other vulnerabilities exist.

Remediation:

CLOUD PARTNERS:

• ConnectWise has applied the 2020.0.7.251 patch across all cloud partner environments.

ON-PREMISE PARTNERS:

• On-premise partners should immediately apply the patches listed below, following the important pre and post patch instructions available in the ConnectWise University here. The download link is available in the instruction page.

ConnectWise Automate 2020.0.7.251

ConnectWise Automate 2019.0.12.342