ConnectWise Automate API Vulnerability

06/10/2020
Products: Automate
Severity: Critical
Priority: 1 - High

Vulnerability Details:

CVSS Score: 7.8

Description:

A remote authenticated user could exploit a vulnerability in a specific Automate API to execute commands and/or make modifications within an individual Automate instance.

Remediation:

CLOUD PARTNERS:

  • ConnectWise had applied mitigating controls to block any potential exploitation and has applied the hotfix across all environments as of 8:45 pm Eastern Time, June 10, 2020.

ON-PREMISE PARTNERS:

  • On-premise partners should immediately consider the mitigating controls detailed here.
  • Hotfix for version 2020.5 is available here and the .exe file is here.
  • Hotfix for version 2020.4 is available here and the .exe file is here.
  • Hotfix for version 2020.3 is available here and the .exe file is here.
  • Hotfix for version 2020.2 is available here and the .exe file is here.
  • Hotfix for version 2020.1 is available here and the .exe file is here.
  • Hotfixes for older versions will be available in the coming days.
  • Ongoing updates on these hotfixes are available here.