Eight vulnerabilities in ConnectWise's software for managed service providers (MSPs) could enable an attacker to connect to and silently execute code on any desktop managed by the software — and they might have been behind the ransomware infections that hit Texas government agencies last August, said security consultancy Bishop Fox in an advisory today.
Individually, the vulnerabilities are mostly not severe, with only one — a cross-site request forgery (CSRF) flaw — deemed critical. Together, however, the eight issues — six of which are assigned Common Vulnerability Enumeration (CVE) identifiers — could have been combined to create an attack chain that could compromise a ConnectWise Control server and, from there, any attached clients, Bishop Fox stated.
"An attacker that exploits the full attack chain can achieve unauthenticated remote code execution, resulting in compromise of the ConnectWise Control Server and ultimately the endpoint it has been installed on," says Daniel Wood, the associate vice president of consulting for Bishop Fox. "This would provide full control over the vulnerable endpoint."
The company and a third party confirmed the vulnerabilities and found that ConnectWise had patched some of the issues in the fall with little to no notice. The attack chain has similarities to some of the reported details of the August attack on Texas local and state agencies, Wood said in the published advisory.
Multifactor authentication, for example, would likely not have helped the Texas agencies, according to press reports. ..
Support the originator by clicking the read the rest link below.
