Skip to Main Content
Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and
follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

Categories Windows Server
Created by Guest
Created on Feb 20, 2024

Windows Server: Servers with ScreenConnect Version 23.9.7 or Lower [CWE-288/CWE-22]

Checks to see if the server is running a ScreenConnect version that is 23.9.7 or lower. This will determine if the software needs to be upgraded to mitigate the recently vulnerability announced by ConnectWise: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

This query will work for our windows workstation inspector as well.

Query

Software[? contains(Name, `ScreenConnect`) && DisplayVersion <= `23.9.7`].[Name, DisplayVersion, `Upgrade to Version 23.9.8`]

  • Attach files
  • Ted Thueson
    Reply
    |
    Feb 27, 2024

    I've adjusted this to not fuzzy match "ScreenConnect" since this vulnerability does not apply to client installations (from my understanding). Obviously, it's good to check over the client versions as well, but this will further scope things down to catch only SC server installations.


    Software[?Name == `ScreenConnect` && DisplayVersion <= `23.9.7`].{"Name": Name,"DisplayVersion": DisplayVersion,"Action": `Upgrade to Version 23.9.8`}