WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency issued Emergency Directive 24-01 in response to observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances by malicious cyber threat actors.
This Emergency Directive directs all federal civilian agencies to immediately take specific actions and implement vendor mitigation guidance to these Ivanti appliances.
While only binding on Federal Civilian Executive Branch agencies, CISA urges all organizations using these products to urgently implement the mitigations outlined in this Directive.
Last week, Ivanti released information regarding two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, that allow an attacker to move laterally across a target network, perform data exfiltration, and establish persistent system access.
CISA has determined an Emergency Directive is necessary based on the widespread exploitation of these vulnerabilities by multiple threat actors, prevalence of the affected products in the federal enterprise, high potential for compromise of agency information systems, and potential impact of a successful compromise.
As federal civilian agencies implement this mandate, CISA will assess and support agency adherence and provide additional resources as required.
CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies.
About CISA. As the nation's cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.
This Cyber News was published on www.cisa.gov. Publication date: Fri, 19 Jan 2024 20:13:05 +0000