"CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Ivanti Connect Secure and Policy Secure Vulnerabilities"

The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 24-01 in response to the widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances. Ivanti recently released information about two vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, which enable an attacker to move laterally across a target network, exfiltrate data, and gain persistent system access. CISA has determined that an Emergency Directive is required due to the widespread exploitation of these vulnerabilities by multiple threat actors, the prevalence of impacted products in the federal enterprise, the high risk of agency information systems being compromised, and the potential effects of a successful compromise. This article continues to discuss the Emergency Directive issued by CISA regarding the mitigation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances. 

CISA reports "CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Ivanti Connect Secure and Policy Secure Vulnerabilities"

Submitted by grigby1