The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive in response to two severe vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure products. The directive, aimed at all Federal Civilian Executive Branch (FCEB) agencies, calls for immediate action to mitigate the risks posed by two zero-day flaws: CVE-2023-46805, an authentication bypass, and CVE-2024-21887, a command injection vulnerability.
These vulnerabilities have been exploited in widespread and active attacks by multiple threat actors, including a suspected Chinese state-backed group. The directive outlines specific actions that federal agencies must undertake to mitigate the risks associated with these vulnerabilities.
Why it matters: The directive reflects the severity and urgency of the threat. Chained together, the two flaws let an unauthenticated attacker execute arbitrary commands on the appliance, from which attackers have moved laterally within networks, exfiltrated data, and established persistent access. The wide range of affected organizations, including government and military departments, telecom companies, and financial institutions, underscores the potential for significant national security and economic impacts.
- Emergency Directive ED 24-01 requires federal agencies to implement Ivanti's publicly disclosed mitigation measures, report any signs of compromise to CISA, and remove compromised products from their networks. Agencies must also reset passwords, revoke and reissue certificates, and apply Ivanti's patches within 48 hours of their release.
- Ivanti has provided temporary mitigations and is expected to release comprehensive fixes. Agencies must follow specific recovery instructions, including revoking and reissuing certificates and resetting passwords.
- Attackers have been observed deploying cryptocurrency miners and various malware strains. The attacks have targeted a diverse range of sectors, highlighting the broad impact of these vulnerabilities.
- Over 2,100 devices globally have been backdoored using a GIFTEDVISITOR webshell variant.
ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities – CISA
CISA Issues Emergency Directive to Federal Agencies at Risk of Ivanti VPN Hack – Spiceworks