"Using multiple security flaws in ConnectWise Control, hackers could create an “attack chain” that gives cyber-criminals the ability to hijack an MSP’s systems as well as their customers’ devices,... The eight flaws named by Bishop Fox are: cross-site scripting, CORS (Cross-Origin Resource Sharing) misconfiguration, cross-site request forgery, information disclosure, remote code execution, user enumeration, missing security headers and insecure cookie scope. 'The flaws in general, they’re serious in their own right, but when you start taking a look at chaining the vulnerabilities together, [it’s even worse]. We call them basically attack chaining,'..." https://www.crn.com/news/managed-se...ecurity-vulnerabilities-are-severe-bishop-fox