ConnectWise Automate 2023.1 Security Fix

01/12/2023
Products: Automate
Severity: Important
Priority: 2 - Moderate

Vulnerability 

CWE-295 Improper Authorization 

Severity 

Important - Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so. 

Priority  

2 - Vulnerabilities that have elevated risk, but exploits are neither known nor anticipated to be imminent. Recommend updates be prioritized against normal change management timelines but no longer than 30 days. 

Affected versions 

ConnectWise Automate versions 2022.12 and earlier are impacted. 

Remediation 

CLOUD: 

Cloud instances have already been updated to the latest Automate release. 

ON-PREMISE: 

Apply the 2023.1 release. 

Note: While Automate remote agent updates are recommended, an update to the remote agent is not a requirement to remediate this vulnerability. 

Additional information 

ConnectWise Home security bulletin