"High-Risk ConnectWise Automate Vulnerability Fixed, Admins Urged to Patch ASAP"
ConnectWise Automate, a popular remote monitoring and management tool, has been patched to address a vulnerability that could allow attackers to compromise confidential data or other processing resources. The vulnerability's severity is considered "important," because exploiting it requires additional access and/or privilege, but ConnectWise advises administrators of on-premise instances to patch it as soon as possible. The company has not stated whether the vulnerability is being exploited in the wild, but it does classify the priority with which it should be fixed as "High," indicating that it is a flaw that is either being targeted or has a high risk of being targeted by exploits in the wild. The vulnerability impacts ConnectWise Automate versions 2022.8 and earlier, and administrators should upgrade to apply the 2022.9 patch, which is also only available to people who have an account. Vulnerabilities in the solution have previously been exploited. However, in that case, the flaw allowed remote attackers to execute commands and/or modifications within a single Automate instance and deliver ransomware. This article continues to discuss the severity and potential impact of the vulnerability in ConnectWise Automate.