// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / ConnectWise
Breach Record

ConnectWise

DISCLOSED 2024-02-19 · UNPATCHED CVE · RANSOMWARE

A critical authentication bypass vulnerability (CVE-2024-1709) in ConnectWise ScreenConnect was exploited by the Play ransomware group to breach managed service providers and downstream customers. The flaw allowed attackers to create administrative accounts and deploy ransomware. ConnectWise released patches on February 19, 2024, but attacks began shortly after disclosure.

The record

What we know

Disclosed
2024-02-19
Attack vector
Unpatched Cve
Sector
Technology
Country
US
Domain
connectwise.com
RANSOMWARE ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · would prevent · opinion

A positive-security model that snapshots a known-good state and rejects unauthorized changes would likely have blocked the exploitation of the authentication bypass vulnerability, as the attacker's attempt to create new admin users or modify system files would deviate from the approved baseline.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other unpatched cve breaches on file

This page is the permanent ColdRecon entry for the ConnectWise disclosure. It updates if new public reporting emerges. All tracked breaches →

ConnectWise just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →