CIO Influence
CIO Influence News Security

Ivanti Connect Secure and Policy Secure Vulnerabilities: CISA Emergency Directive

Ivanti Connect Secure and Policy Secure Vulnerabilities: CISA Emergency Directive

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 24-01 in response to observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances by malicious cyber threat actors. This Emergency Directive directs all federal civilian agencies to immediately take specific actions and implement vendor mitigation guidance to these Ivanti appliances. While only binding on Federal Civilian Executive Branch agencies, CISA urges all organizations using these products to urgently implement the mitigations outlined in this Directive.

PREDICTIONS SERIES 2024 - CIO Influence

Read More: Fortanix Data Security Manager SaaS Now Available in AWS Marketplace

Last week, Ivanti released information regarding two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, that allow an attacker to move laterally across a target network, perform data exfiltration, and establish persistent system access. CISA has determined an Emergency Directive is necessary based on the widespread exploitation of these vulnerabilities by multiple threat actors, prevalence of the affected products in the federal enterprise, high potential for compromise of agency information systems, and potential impact of a successful compromise.

“The vulnerabilities in these products pose significant, unacceptable risks to the security of the federal civilian enterprise. As America’s cyber defense agency and the operational lead for federal civilian cybersecurity, we must take urgent action to reduce risks to the federal systems upon which Americans depend,” said CISA Director Jen Easterly. “Even as federal agencies take urgent action in response to this Directive, we know that these risks extend to every organization and sector using these products. We strongly urge all organizations to adopt the actions outlined in this Directive.”

Read More: Uptycs is named a Notable Vendor in Leading Analyst Firm’s Cloud Workload Security Report

As federal civilian agencies implement this mandate, CISA will assess and support agency adherence and provide additional resources as required. CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies.

Read More: Precision Computer Services Forges Strategic Partnership with Third Wave Innovations to Enhance Client Cybersecurity and Compliance

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Active Cyber Hires Brandon Britton to Launch Analytics Practice as Part of Their Strategic Shift

PR Newswire

Comcast’s Internet Essentials Program Teams Up with Texas Education Agency to Connect Texas Students and Families with Internet Access at Home

PingSafe Announces Strategic MSSP Partnership With Human Managed

Business Wire