PSA & RMM

Solve any challenge with one platform

Operate more efficiently, reduce complexity, improve EBITDA, and much more with the purpose-built platform for MSPs.

Cybersecurity & Data Protection

Ensure security and business continuity, 24/7

Protect and defend what matters most to your clients and stakeholders with ConnectWise's best-in-class cybersecurity and BCDR solutions.

Hyperautomation

Integrate and automate to unlock cost savings

Leverage generative AI and RPA workflows to simplify and streamline the most time-consuming parts of IT.

University

University Log-In

Check out our online learning platform, designed to help IT service providers get the most out of ConnectWise products and services.

About Us

Experience the ConnectWise Way

Join hundreds of thousands of IT professionals benefiting from and contributing to a legacy of industry leadership when you become a part of the ConnectWise community.

News & Press

Experience the ConnectWise Way

Join hundreds of thousands of IT professionals benefiting from and contributing to a legacy of industry leadership when you become a part of the ConnectWise community.

ConnectWise

ConnectWise Control Host Header Injection

12/16/2020

Products: ScreenConnect
Severity: Important
Priority: 2 - Moderate

Summary:

Vulnerability Details:

CWE-20 - Improper Input Validation

Description:

Severity: Important

Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so.

Priority: 2

Vulnerabilities that have elevated risk but exploits are neither known nor anticipated to be imminent. Recommend updates within normal change management timelines but no longer than 30 days.

Remediation:

Fixes available in version 20.13

Partners currently using any version 2019.2 to 2020.12 are strongly encouraged to update their systems immediately to ensure that all known security vulnerabilities are patched.

CLOUD:

No action needed. Cloud instances have been remediated.

ON-PREMISE:

Please note there are some actions you need to take in order to apply this update:

To check if a new build has been released for your Control installation:

1. Navigate to your Administration/License page.

2. Expand the Version Check box.

3. If you are on 19.2 or a more recent version, you must install the latest build for your current version to receive the latest security updates.
o If you are on 19.1 or an earlier version, your license is out of maintenance. You must upgrade your license before installing the latest supported release of Control.

4. Visit our Download page. Download the same major version as your current installation.

5. Follow these steps to upgrade: https://docs.connectwise.com/ConnectWise_Control_Documentation/On-premises/Get_started_with_ConnectWise_Control_On-Premise/Upgrade_an_on-premises_installation

Additional Info

https://home.connectwise.com/securityBulletin/5fd926ad6671e30001a9a7bb

Software Updates

Latest Stable: https://www.connectwise.com/platform/unified-management/control/download

;