// For flags

CVE-2022-36781

ConnectWise - ScreenConnect Session Code Bypass

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks.

WiseConnect - Una Omisión de Código de Cesión de ScreenConnect. Un atacante tendría que usar un proxy para monitorizar el tráfico, y llevar a cabo una fuerza bruta en el código de sesión para poder entrar. Datos confidenciales sobre la empresa , entrar en una sesión

*Credits: Gad Abuhatziera Sophtix Security LTD
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-07-26 CVE Reserved
  • 2022-09-28 CVE Published
  • 2024-04-03 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
References (1)
URL Tag Source
https://www.gov.il/en/Departments/faq/cve_advisories Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Connectwise
Search vendor "Connectwise"
 Screenconnect
Search vendor "Connectwise" for product "Screenconnect"
 < 22.7
Search vendor "Connectwise" for product "Screenconnect" and version " < 22.7"
-
Affected