Executive Summary

This vulnerability in the ScreenConnect™ Certificate Signing Extension allows encrypted configuration values, including an Azure Key Vault-related key, to be returned to unauthenticated users through a client-facing endpoint under certain conditions. Although the values remain encrypted and securely stored at rest, their encrypted representations could be exposed in client responses. The issue occurs because configuration handling was not exclusively server-side in versions prior to 1.0.12. Updating to version 1.0.12 or higher prevents these encrypted values from being transmitted or rendered by client-side components. [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability could expose encrypted configuration data to unauthenticated users, potentially leaking sensitive information in encrypted form. While the data remains encrypted and secure at rest, the exposure of encrypted values could aid attackers in reconnaissance or further attacks. The CVSS score of 5.3 indicates moderate severity, with a network attack vector and low complexity. The impact is primarily on confidentiality, with no direct impact on integrity or availability. On-premises deployments need to update to version 1.0.12 or later to mitigate this risk. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection involves identifying if your deployment is using a vulnerable version of the ScreenConnect Certificate Signing Extension prior to version 1.0.12. Since the vulnerability causes encrypted configuration values to be returned to unauthenticated users via a client-facing endpoint, you can attempt to access the client-facing endpoint and inspect responses for the presence of encrypted configuration data. Specific commands are not provided in the resources, but you may use network traffic inspection tools (e.g., curl or wget) to send requests to the client-facing endpoint and analyze the responses for encrypted configuration values. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to update the ScreenConnect Certificate Signing Extension to version 1.0.12 or higher. This update ensures that configuration handling occurs exclusively on the server side, preventing encrypted configuration values from being transmitted to or rendered by client-side components. For cloud-hosted ScreenConnect servers (screenconnect.com and hostedrmm.com), no action is required as these have already been updated. On-premises deployments must manually update to version 1.0.12 or later to remediate the vulnerability and gain the latest security improvements. [1]

Useful 0 Not Useful 0

Compliance Impact

The vulnerability could potentially impact compliance with standards like GDPR and HIPAA because it involves the exposure of encrypted configuration values to unauthenticated users, which may be considered a data confidentiality risk. Although the values remain encrypted and securely stored at rest, the transmission of encrypted sensitive information to unauthorized parties could be viewed as a data exposure incident under these regulations. Mitigation by updating to version 1.0.12 or higher prevents this exposure by ensuring configuration handling occurs only on the server side. [1]

Useful 0 Not Useful 0