Home > Cyber News > Severe ConnectWise Vulnerability Creates Supply Chain Risks
CYBER NEWS

Severe ConnectWise Vulnerability Creates Supply Chain Risks

by   |  Last Update:  |  0 Comments  

Severe ConnectWise Vulnerability Creates Supply Chain Risks
A new severe security vulnerability in IT service management software platform ConnectWise has been reported. The vulnerability affects the company’s Recover and R1Soft Server Backup Manager (SBM).

The vulnerability has been described as “Improper Neutralization of Special Elements in Output Used by a Downstream Component,” and affects the following product versions:

  • ConnectWise Recover: Recover v2.9.7 and earlier versions are impacted.
  • R1Soft: SBM v6.16.3 and earlier versions are impacted.

The vulnerability is associated with another upstream authentication bypass issue in the
ZK open source Ajax web application framework, known as CVE-2022-36537, which was addressed in May 2022.




Cybersecurity firm Huntress has created a Proof-of-Concept exploit, thus demonstrating its impact and severity. If exploited, the vulnerability can lead to:

  • Bypass authentication;
  • Uploading a backdoored JDBC database driver to perform code execution attacks;
  • Using the REST API to trigger commands to registered agents to push Lockbit 3.0 ransomware to all downstream endpoints.

“We have worked closely with ConnectWise to advise them of these issues and they have released a patch for Server Backup Manager SE software. Huntress has validated their patch and confirms it is effective against stopping our own proof-of-concept (POC) exploit,” the researchers noted.

How Can the ConnectWise Vulnerability Be Remediated?

Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover (v2.9.9), the company noted. As for R1Soft, affected parties should upgrade the server backup manager to SBM v6.16.4 released October 28, 2022 using the R1Soft upgrade wiki.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. CVE-2022-40259: BMC&C Vulnerabilities Create Supply Chain Risk Three new security vulnerabilities that create significant supply chain risk...
  2. The Increased Use of QR Codes During Pandemic Creates Multiple Hacking Risks One of the latest trends in the cybercrime field is...
  3. CVE-2022-36537: ZK Framework Vulnerability Exploited in the Wild CVE-2022-36537 is a highly severe vulnerability in the ZK Framework,...
  4. CVE-2017-18362 Flaw in Kaseya Plugin Exploited to Deliver GandCrab Hackers have used a two-year-old vulnerability in a software package...
  5. CVE-2022-24348: A Major Supply Chain Zero-Day in Argo CD CVE-2022-24348 is a high-severity security vulnerability in Argo CD that...
  6. CVE-2020-36193: 15-Year-Old Bugs in PHP PEAR Could Create Supply-Chain Attacks Security researchers recently identified two critical code vulnerabilities in a...
  7. Google’s SLSA Framework to Protect against Software Supply Chain Attacks Google is working on a solution to help mitigate the...
  8. The Increasing Threat of Software Supply Chain Attacks in 2021 How dangerous are software supply chain attacks? The European Union...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree