Vulnerability Description
ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ConnectWise | ScreenConnect | < 22.7 |
Related Weaknesses (CWE)
References
- https://www.gov.il/en/Departments/faq/cve_advisories (Third Party Advisory)
FAQ
What is CVE-2022-36781?
CVE-2022-36781 is a vulnerability with a CVSS score of 5.3 (MEDIUM). ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration....
How severe is CVE-2022-36781?
CVE-2022-36781 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-36781?
Check the references section above for vendor advisories and patch information. Affected products include: ConnectWise ScreenConnect.