ConnectWise, a company that makes IT management software, announced updates Friday that address a significant vulnerability. According to cyber security professionals, this weakness leaves thousands of servers vulnerable to attack.
The backup and disaster recovery software ConnectWise Recover (versions 2.9.7 and later) and the R1Soft Server Backup Manager are also vulnerable to the issue, defined as “improper disabling of special components in the output used by a downstream component” (version 6.16.3 and later).
The problem is a serious vulnerability that allows remote arbitrary code execution. The vulnerability has been assigned a priority rating of 1, indicating that it is either targeted by hackers or has a high potential for exploitation in the wild. The provider assigned it a priority level of 1.
users of ConnectWise Recover You are strongly encouraged to update to version 2.9.9, while R1Soft users are strongly encouraged to update to version 6.16.4.
Researchers working at MDR Huntress were the ones who uncovered the vulnerability. Company CEO Kyle Hanslovan stated that Huntress may release more information as early as Monday, but he also mentioned that the ConnectWise patch is still being verified.
According to Hanslovan, Huntress researchers demonstrated how they could distribute ransomware to approximately 5,000 Internet-accessible R1Soft servers, most of which are located in the North American and European regions. Given that many of the compromised systems are owned by cloud hosting providers and MSPs, Hanslovan also recognized the possibility of an impact on the supply chain.
Servers exposed to the Internet could be compromised due to a serious vulnerability in ConnectWise.
Concerns were voiced by several professionals working in the cybersecurity industry about the existence of the vulnerability as well as the fact that the patch was announced on Friday. Due to the fact that the patch was announced on Friday, it is more likely that the affected servers will remain unpatched until Monday, leaving those servers open to potential attacks that could begin over the weekend.
