CVE-2024-1708 Emerging Threat Coverage

Summary

CVE-2024-1708 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2024. Coverage centers on windows / file_event, windows / security.

Related Detections

Search this threat

Emerging Threatmediumtest

CVE-2024-1708 - ScreenConnect Path Traversal Exploitation

This detects file modifications to ASPX and ASHX files within the root of the App_Extensions directory, which is allowed by a ZipSlip vulnerability in versions prior to 23.9.8. This occurs during exploitation of CVE-2024-1708.

WindowsFile Event

TA0003 · Persistencecve.2024-1708detection.emerging-threats

Matt Anderson+3Wed Feb 212024

Emerging Threatcriticaltest

CVE-2024-1708 - ScreenConnect Path Traversal Exploitation - Security

This detects file modifications to ASPX and ASHX files within the root of the App_Extensions directory, which is allowed by a ZipSlip vulnerability in versions prior to 23.9.8. This occurs during exploitation of CVE-2024-1708. This requires an Advanced Auditing policy to log a successful Windows Event ID 4663 events and with a SACL set on the directory.

Windowssecurity

TA0001 · Initial AccessTA0003 · Persistencecve.2024-1708detection.emerging-threats

Matt Anderson+2Tue Feb 202024

References