ConnectWise Automate 2022.9 Security Fix

09/08/2022
Products: Automate
Severity: Important
Priority: 1 - High

Vulnerability 

CWE-284 Improper Access Control

Severity 

Important—Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so. 

Priority  

1—Vulnerabilities that are either being targeted or have a higher risk of being targeted by exploits in the wild. Recommend patching as soon as possible.  

Affected versions 

ConnectWise Automate versions 2022.8 and earlier are impacted.  

Remediation 

CLOUD: 

Cloud instances have already been updated to the latest Automate release.  

ON-PREMISE: 

Apply the 2022.9 patch.

Review the ConnectWise Automate Comprehensive Security Best Practice Guide and ensure your environment is configured appropriately relating to network hardening guidelines and best practices for your Automate environment.

Note: While Automate remote agent updates are recommended, an update to the remote agent is not a requirement to remediate this vulnerability.

Additional information 

https://home.connectwise.com/securityBulletin/6319f96640fd840001ac70cd

Software updates 

https://university.connectwise.com/University/automateresources/productsandupdates.aspx