Cve-2024-1708 – screenconnect path traversal exploitation – security

Intel Name: Cve-2024-1708 – screenconnect path traversal exploitation – security

Date of Scan: January 31, 2025

Impact: High

Summary:
This detection identifies file modifications to ASPX and ASHX files in the root of the App_Extensions directory, which can be exploited through the ZipSlip vulnerability in versions before 23.9.8. This occurs during the exploitation of CVE-2024-1708. To capture this, an Advanced Auditing policy must be enabled to log successful Windows Event ID 4663 events, along with a System Access Control List (SACL) configured on the directory.

More Details