""ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - SetupWizard Auth Bypass Vulnerable Version Detected (CVE-2024-1709 CVE-2024-1708)""
SID: 2050990
Revision: 1
Class Type: web-application-activity
Metadata: attack_target Web_Server, tls_state TLSDecrypt, created_at 2024_02_21, cve CVE_2024_1709, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Informational, updated_at 2024_02_21, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application
Reference:
-
cve
-
2024-1708
Protocol: tcp
Source Network: [$HOME_NET,$HTTP_SERVERS]
Source Port: any
Destination Network: any
Destination Port: any
Flow: established,to_client
Contents:
- Value: "Server|3a 20|ScreenConnect/"
Within:
PCRE: "/^(?:[3456789]|2(?:[012]|3.(?:[012345678]|9.[1234567]))?|1\d?)./R"
Special Options:
- fast_pattern