CVE-2019-16512

low-risk

Published 2020-01-23

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.

Do I need to act?

0.43% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.8/10 Medium

NETWORK / LOW complexity

Control

Connectwise

Exploit https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-...

Third Party Advisory https://know.bishopfox.com/advisories

Exploit https://know.bishopfox.com/advisories/connectwise-control

Third Party Advisory https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulne...

Third Party Advisory https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chai...

Exploit https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-...

Third Party Advisory https://know.bishopfox.com/advisories

Exploit https://know.bishopfox.com/advisories/connectwise-control

Third Party Advisory https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulne...

Third Party Advisory https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chai...

/ 100

low-risk

Severity 19/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal