Description
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://know.bishopfox.com/advisories
Exploit, Third Party Advisory x_refsource_misc
https://know.bishopfox.com/advisories/connectwise-control
Exploit, Third Party Advisory x_refsource_misc
https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34
Third Party Advisory x_refsource_misc
https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox
Third Party Advisory x_refsource_misc
https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox
Scores
CVSS v3
8.8
EPSS
0.0101
EPSS Percentile
58.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
connectwise/control
19.3.25270.7185
Published
Jan 23, 2020
Tracked Since
Feb 18, 2026