-
EDR / MDRIdentify, contain, respond, and stop malicious activity on endpoints
-
SIEMCentralize threat visibility and analysis, backed by cutting-edge threat intelligence
-
Risk Assessment & Vulnerability ManagementIdentify unknown cyber risks and routinely scan for vulnerabilities
-
Identity ManagementSecure and streamline client access to devices and applications with strong authentication and SSO
-
Cloud App SecurityMonitor and manage security risk for SaaS apps
-
SASEZero trust secure access for users, locations, and devices
-
SOC ServicesProvide 24/7 threat monitoring and response backed by ConnectWise SOC experts
-
Policy ManagementCreate, deploy, and manage client security policies and profiles
-
Incident Response ServiceOn-tap cyber experts to address critical security incidents
-
Cybersecurity GlossaryGuide to the most common, important terms in the industry
ConnectWise Control Host Header Injection
12/16/2020
Summary:
Vulnerability Details:
CWE-20 - Improper Input Validation
Description:
Severity: Important
Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so.
Priority: 2
Vulnerabilities that have elevated risk but exploits are neither known nor anticipated to be imminent. Recommend updates within normal change management timelines but no longer than 30 days.
Remediation:
Fixes available in version 20.13
Partners currently using any version 2019.2 to 2020.12 are strongly encouraged to update their systems immediately to ensure that all known security vulnerabilities are patched.
CLOUD:
No action needed. Cloud instances have been remediated.
ON-PREMISE:
Please note there are some actions you need to take in order to apply this update:
To check if a new build has been released for your Control installation:
1. Navigate to your Administration/License page.
2. Expand the Version Check box.
3. If you are on 19.2 or a more recent version, you must install the latest build for your current version to receive the latest security updates.
o If you are on 19.1 or an earlier version, your license is out of maintenance. You must upgrade your license before installing the latest supported release of Control.
4. Visit our Download page. Download the same major version as your current installation.
5. Follow these steps to upgrade: https://docs.connectwise.com/ConnectWise_Control_Documentation/On-premises/Get_started_with_ConnectWise_Control_On-Premise/Upgrade_an_on-premises_installation
Additional Info
https://home.connectwise.com/securityBulletin/5fd926ad6671e30001a9a7bb
Software Updates
Latest Stable: https://www.connectwise.com/platform/unified-management/control/download