Updated on 2022-11-25: ConnectWise vulnerability
Guardio Labs researchers said they found a cross-site scripting (XSS) vulnerability in the ConnectWise remote access platform that the security firm said has “great potential” for misuse by scammers. Guardio said the vulnerability could be used to hijack accounts and their remote access capabilities and that ConnectWise quickly patched the issue after receiving its report. Read more: XSS Vulnerability Found in ConnectWise Remote Access Platform With Great Potential For Misuse by Scammers
Updated on 2022-10-31: Updates Available for ConnectWise RCE Vulnerability
ConnectWise has released updates to address a critical remote code execution vulnerability in its ConnectWise Recover and R1Soft Server Backup Manager products. The flaw is due to improper neutralization of special elements in output used by a downstream component. The vulnerability was detected by researchers from Huntress.
- Vulnerabilities in backup systems are one of the underappreciated risks. Backup systems essentially instrument your network for remote privileged file access, and if abused, you easily hand over control to an attacker.
- ConnectWise enterprise applications are most often used by managed service providers (MSPs) that provide IT services to small businesses and local government. In the past 24 months, ransomware attacks have shown a bias towards small businesses and local government. With that in mind and given that a proof-of-concept exploit exists for this RCE vulnerability, MSPs should place a high priority on implementing the patch within their infrastructure.
- This weakness can be exploited for lateral movement, not just impacting the targeted node, so you really want to close this hole. ConnectWise Recover should have automatically updated to the newest version. The R1Soft update supports many Linux package managers (yum, apt-get, dpkg & rpm), making the update straightforward. There is no workaround here.
Read more in:
- Critical Vulnerability Disclosure: ConnectWise/R1Soft Server Backup Manager Remote Code Execution & Supply Chain Risks
- ConnectWise Recover and R1Soft Server Backup Manager Critical Security Release
- Patch Now: Dangerous RCE Bug Lays Open ConnectWise Server Backup Managers
- Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers
Overview: ConnectWise RCE
Managed service provider ConnectWise released a critical security update on Friday to address a remote code execution vulnerability in two of its backup server solutions that could be used to take over vulnerable and unpatched systems. Details about the vulnerability are still kept private, at least until Monday, when Huntress Labs CEO Kyle Hanslovan promised to release more details. At least 4,800 ConnectWise servers are still exposed online and most likely are still vulnerable, as the patch came late on Friday, and very few administrators learned of it in time to roll out the fix. Read more: ConnectWise Recover and R1Soft Server Backup Manager Critical Security Release