New CISA Advisory Offers Fixes for Ivanti Gateways’ Vulnerabilities

The Cybersecurity and Infrastructure Security Agency, along with the FBI and other partners, have issued a new advisory warning on the multiple vulnerabilities within the Ivanti Connect Secure and Ivanti Policy Secure gateways.

The advisory provides detection methods, such as Volexity’s open-source YARA, which network defenders can use to hunt for malicious activity. To deter potential cyberattacks, network owners should also run the most recent Ivanti external integrity checker tool and apply Ivanti’s patching guidance as updated versions become available, CISA said Thursday.

The agency further advises that credentials stored in the affected Ivanti Remote Access VPN are likely to be compromised. With the detection of a potential cyberthreat, CISA urges organizations to collect and analyze logs for malicious activity and follow the advisory’s incident response recommendations.

In January, CISA issued Emergency Directive 24-01, ordering government agencies’ immediate action on mitigating the two actively exploited Ivanti vulnerabilities.

CISA said that in its response to several cyberattacks on the Ivanti gateways, it noted malicious actors exploiting their common vulnerabilities and exposures by implanting web shells to harvest stored credentials.