A new emergency directive from the Cybersecurity and Infrastructure Security Agency is urging all federal civilian agencies to implement measures to mitigate online threats associated with vulnerabilities found in Ivanti’s Connect Secure and Policy Secure platforms.
CISA on Friday published the directive after Ivanti disclosed two vulnerabilities that malicious cyber actors use to infiltrate and move laterally through a target network, exfiltrate data and set up a persistent system access.
The agency has laid out a mitigation guidance that includes a downloadable and importable .xml file into the affected Ivanti Secure appliance. Federal departments should also run the Ivanti External Integrity Checker Tool to reboot the product. Suspected compromised appliances should be reported to CISA’s central e-mail address at central@cisa.dhs.gov.
Agencies can still restore and revive compromised platforms using Ivanti’s instructions in the emergency directive.
“The vulnerabilities in these products pose significant, unacceptable risks to the security of the federal civilian enterprise,” said CISA Director Jen Easterly. “Even as federal agencies take urgent action in response to this Directive, we know that these risks extend to every organization and sector using these products. We strongly urge all organizations to adopt the actions outlined in this Directive,” the three-time Wash100 awardee added.
