The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709, to its Known Exploited Vulnerabilities (KEV) catalog.

The vulnerability is an authentication bypass vulnerability issue that an attacker with network access to the management interface can exploit to create a new, administrator-level account on affected devices.