Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers
ConnectWise, a company that makes software for IT management, announced updates on Friday that address a significant vulnerability. According to cybersecurity professionals, this weakness leaves thousands of servers open to attack.
The issue affects the ConnectWise Recover backup and disaster recovery software (versions 2.9.7 and older) as well as the R1Soft server backup manager (v6.16.3 and earlier). It has been described as “improper neutralisation of special components in output used by a downstream component”.
The problem is a severe vulnerability that allows arbitrary code to be executed remotely. The vendor has assigned it a priority rating of 1, which suggests that it is either being targeted by hackers or that there is a high possibility of it being exploited in the wild.
Users of ConnectWise Recover have been strongly encouraged to update to version 2.9.9, and users of R1Soft to version 6.16.4.
Researchers at the MDR company Huntress uncovered the vulnerability. The company’s chief executive officer, Kyle Hanslovan, stated that Huntress may publish more information as early as Monday, but he also mentioned that ConnectWise’s patch is still being verified.
According to Hanslovan, Huntress researchers demonstrated how they could distribute ransomware to about 5,000 internet-accessible R1Soft servers, most of which are located in North America and Europe. Because many of the affected systems are owned by cloud hosting providers and MSPs, Hanslovan has also acknowledged the possibility of an impact on the supply chain.
Servers that are open to the internet could be compromised by a severe vulnerability in ConnectWise.
A number of professionals working in the cybersecurity industry voiced concerns about the vulnerability and about the patch being announced on a Friday. The timing makes it more likely that affected servers will remain unpatched until Monday, leaving them exposed to attacks that could begin over the weekend.