×

Get the Best GovCon News Straight to your Inbox

Only read what's relevant to you

Potomac officers club sends personalized News and Updates straight to your inbox

*By clicking "Join us now" you agree to receive emails, promotions and general messages from Potomac Officers Club. In addition, you also agree to Potomac Officers Club's Privacy Policy and Terms & Conditions.

x

Cybersecurity

CISA Releases Emergency Directive Amid Discovery of Vulnerabilities in VMware Products

Cybersecurity alert

CISA Releases Emergency Directive Amid Discovery of Vulnerabilities in VMware Products

The Cybersecurity and Infrastructure Security Agency announced that federal agencies have a May 23 deadline to resolve vulnerability issues in five products from cloud computing company VMware that could allow attackers to have deep access without the need to authenticate. The agency said in an emergency directive that the discovered vulnerabilities put federal networks and systems at immediate risk, Federal News Network reported Wednesday.

In its directive, CISA warned that the discovered vulnerabilities pose an unacceptable risk to federal civilian executive branch agencies and require emergency action. Specifically, the agency said that the vulnerabilities exist in VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

CISA Director Jen Easterly said the emergency directive was issued to ensure that federal civilian agencies “take urgent action to protect their networks.” She urged all agencies to immediately take the recommended steps to ensure the security of their networks.

CISA’s directive calls on agencies to remove affected VMware products from their networks until the issues have been patched up. It also directs information security officers to report any anomalies they have identified.

In April, VMware discovered vulnerabilities in its products and released the necessary remedies to customers. However, CISA emphasized that the vulnerabilities it is currently worried about are new, only revealed by VMware on May 18. The agency added that it “expects threat actors to quickly develop a capability to exploit these newly released vulnerabilities.”

The latest emergency directive is the tenth issued by CISA since January 2019.

GovCon Wire Logo

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Category: Cybersecurity

Tags: cyber vulnerabilities cybersecurity Cybersecurity and Infrastructure Security Agency Federal News Network Jen Easterly VMware