Please note that a new vulnerability has been discovered that affects the application “Connectwise ScreenConnect”. This vulnerability can be exploited by malicious actors to gain unauthorised access, compromise sensitive data, or disrupt normal operations. Connectwise ScreenConnect is used by ONGC Systems for remote access to managed devices.

Vulnerability NameCVE-2024-1709
SeverityCRITICAL
CVSS10
Affected ProductsConnectwise ScreenConnect

Description:

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

What this means for all ONGC Customers:

We want to assure you that our expert team has pro-actively patched & remediated the vulnerability on the day of its release. None of our customer were at risk of the vulnerability being exploited since its release and no further action is required. All ONGC’s applications are up-to-date and monitored in real time.