Widespread ConnectWise RCE vulnerability addressed

ConnectWise has patched a critical flaw impacting the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions, which could be exploited to facilitate remote code execution or unauthorized data access, according to BleepingComputer. Such a flaw was also regarded by ConnectWise to be a high-priority issue, indicative of high risk of exploitation or ongoing in-the-wild abuse. Threat actors could leverage the vulnerability to enable ransomware delivery to internet-exposed R1Soft servers, noted Huntress Labs CEO Kyle Hanslovan. Over 4,800 R1Soft servers have been discovered in a Shodan search to be connected to the internet and could be impacted by exploits. While ConnectWise said that ConnectWise Recover SBMs impacted by the flaw have already been automatically updated, users of the R1Soft system are urged to apply the SBM v6.16.4 server backup manager upgrade through the R1Soft upgrade wiki. Meanwhile, experts noted that ConnectWise's release of a patch at the end of the week may increase the risk of exploit development and the targeting of vulnerable instances.