Ivanti Connect Secure and Policy Secure Vulnerabilities: CISA Emergency Directive

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 24-01 in response to observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances by malicious cyber threat actors. This Emergency Directive directs all federal civilian agencies to immediately take specific actions and implement vendor mitigation guidance for these Ivanti appliances. While only binding on Federal Civilian Executive Branch agencies, CISA urges all organizations using these products to urgently implement the mitigations outlined in this Directive.

Last week, Ivanti released information regarding two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, that allow an attacker to move laterally across a target network, perform data exfiltration, and establish persistent system access. CISA has determined an Emergency Directive is necessary based on the widespread exploitation of these vulnerabilities by multiple threat actors, prevalence of the affected products in the federal enterprise, high potential for compromise of agency information systems, and potential impact of a successful compromise.

“The vulnerabilities in these products pose significant, unacceptable risks to the security of the federal civilian enterprise. As America’s cyber defense agency and the operational lead for federal civilian cybersecurity, we must take urgent action to reduce risks to the federal systems upon which Americans depend,” said CISA Director Jen Easterly. “Even as federal agencies take urgent action in response to this Directive, we know that these risks extend to every organization and sector using these products. We strongly urge all organizations to adopt the actions outlined in this Directive.”

As federal civilian agencies implement this mandate, CISA will assess and support agency adherence and provide additional resources as required. CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies.
