ConnectWise Control Improper Authentication

08/20/2020
Products: ScreenConnect
Severity: Critical
Priority: 1 - High

Vulnerability Details:

Control: CWE-287 - Improper Authentication

Description:

Severity

Critical: Vulnerabilities that could allow the ability to execute remote code or directly access confidential data

Priority

1 - Vulnerabilities that have higher risk of being targeted in the wild. Recommend installing updates as emergency changes or as soon as possible (e.g. within days)

Remediation:

Fixes available for 19.2 and higher stable versions

Partners currently using any version prior to 2019.2 are strongly encouraged to update their systems immediately to ensure that all known security vulnerabilities are patched.

CLOUD:

No action needed. Cloud instances have been automatically updated.

ON-PREMISE:

For Control standalone partners, please note there are some actions you need to take in order to apply this update:

To check if a new build has been released for your Control installation:

  1. Navigate to your Administration/License page.
  2. Expand the Version Check box.
  3. If the Version Check displays a warning, verify that your current version is at least 19.2.
    • If you are on 19.2 or a more recent version, you must install the latest build for your current version to receive the latest security updates.
    • If you are on 19.1 or an earlier version, your license is out of maintenance. You must upgrade your license before installing the latest supported release of Control.
  4. Visit our Download page. Download the same major version as your current installation.
  5. Back up your installation and install the new build by following the on-premises upgrade instructions.

For Automate partners with the Control plugin, to check if a new build has been released for your Control installation visit: Upgrading ConnectWise Control via the Plugin.

Additional Info

ConnectWise Control Improper Authentication

Software Updates

Latest Stable: https://www.connectwise.com/software/control/download

V19.2 - v20.8: https://www.connectwise.com/software/control/download-archive