Hello, Guest!

Federal Civilian

Agencies Receive New CISA Mandate to Patch Active Exploits in Ivanti Software

Emergency directive

Agencies Receive New CISA Mandate to Patch Active Exploits in Ivanti Software

The Cybersecurity and Infrastructure Security Agency has ordered government agencies to immediately work to mitigate two actively exploited vulnerabilities in Ivanti’s Connect Secure and Policy Secure products.

Implementing Emergency Directive 24-01 is mandatory for federal civilian executive branch agencies and strongly recommended for other organizations using such products, CISA said Friday.

The agency said issuing an emergency directive was necessary given the vulnerabilities’ prevalence across federal systems and the potential impact of compromise.

Attackers could use the exploits to move laterally across a network, steal data and establish persistent access, CISA explained.

The agency added that it would assess and support agencies’ compliance with the emergency directive.

In 2023, CISA and the Norwegian National Cyber Security Centre issued a joint cybersecurity advisory on another actively exploited vulnerability in a different Ivanti product. The security flaw allowed attackers to compromise a Norwegian government agency network and steal information from several businesses.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Federal Civilian

Category: Federal Civilian

Tags: actively exploited vulnerability Cybersecurity and Infrastructure Security Agency emergency directive federal civilian Ivanti persistent access