The tech provider ConnectWise disclosed a severe remote code execution flaw that exposed thousands of servers to cyber threats. ConnectWise has patched the vulnerability with the latest Recover and R1Soft releases. Users must upgrade to the patched versions to avoid any exploitation attempts.
ConnectWise Remote Code Execution Flaw
According to a recent advisory, ConnectWise has fixed a critical security flaw affecting its servers. Exploiting the vulnerability allows a remote attacker to execute code and access confidential data.
ConnectWise is a technology provider that offers business solutions for cybersecurity, remote access and endpoint management, and other managed services to a vast clientele. The firm claims to be one of the largest technology providers globally.
Given this widespread customer base, any vulnerability affecting its products can directly impact thousands of businesses globally.
The vulnerability first caught the attention of a security researcher with the alias “frycos”. It then drew the attention of Kyle Hanslovan of HuntressLabs, who disclosed that exploiting the issue may even allow ransomware attacks.
In his tweet, Hanslovan briefly shared how they could target more than 5000 vulnerable R1Soft servers found via a Shodan search.
Whelp, wasn’t expecting this ConnectWise RCE to become public today. Guess we’ll publish on Monday how @HuntressLabs went from a researcher’s tweet to the ability to push ransomware through ~5,000 R1Soft servers that are exposed on Shodan. #staytuned https://t.co/HroDdZ5NYI pic.twitter.com/mHLu6zpwic
— Kyle Hanslovan (@KyleHanslovan) October 28, 2022
HuntressLabs also pledged to elaborate on their findings separately.
ConnectWise Deployed A Fix
According to ConnectWise, the issue affected ConnectWise Recover version 2.9.7 (and earlier) and R1Soft Server Backup Manager (SBM) version 6.16.3 (and earlier).
Following the discovery of the RCE, ConnectWise rushed out a patch, which it shipped in the following product releases.
- ConnectWise Recover version 2.9.9. The firm confirmed that the vulnerable Recover SBMs have been automatically upgraded to the latest release.
- ConnectWise R1Soft SBM v6.16.4. Users must manually upgrade their servers to the patched release.
Although the patches have been released, the high exploitation risk associated with the vulnerability means all users must upgrade their systems at the earliest. Users must therefore double-check for security updates and upgrade their systems to the patched versions if this has not been done automatically.