Intel Name: Cve-2024-1708 – screenconnect path traversal exploitation – security
Date of Scan: January 31, 2025
Impact: High
Summary: This detection identifies file modifications to ASPX and ASHX files in the root of the App_Extensions directory, which can be exploited through the ZipSlip vulnerability in versions before 23.9.8. This occurs during the exploitation of CVE-2024-1708. To capture this, an Advanced Auditing policy must be enabled to log successful Windows Event ID 4663 events, along with a System Access Control List (SACL) configured on the directory.