Wake-Up Call: What the ConnectWise Control Security Vulnerabilities Mean for MSPs
The vulnerabilities highlight the gaps in security for MSPs using RMM tools, and the urgent need to patch systems.
January 28, 2020
Last week, multiple security flaws were found in ConnectWise Control, a remote control software product in the MSP software community, according to cybersecurity consulting firm Bishop Fox and validated by Huntress Labs. The software was found to contain eight security vulnerabilities that could give hackers the ability to create an “attack chain” that would allow cybercriminals to hijack an MSP’s systems and compromise their customers’ devices.
Individually, the vulnerabilities were not deemed not severe, according to Bishop Fox. Only one, a cross-site request forgery (CSRF) flaw, was flagged as critical. All together, however, the eight issues could have been combined to create an attack chain that, by its very definition, could have snowballed to the point where it compromised a ConnectWise Control server and, from there, any connected clients.