The Cybersecurity and Infrastructure Security Agency has released an updated emergency directive outlining measures to address a new vulnerability in Ivanti’s Connect Secure and Policy Secure platforms.
Ivanti disclosed that cyberthreat actors are using a new vulnerability affecting its devices to gain access to restricted resources without authentication, CISA said Friday.
CISA’s Supplemental Direction V2 provides new security measures to address the system weakness, including a requirement for federal civilian agencies running the affected software versions to apply appropriate security updates.
According to the directive, agencies must continue threat hunting on any systems connected to the affected Ivanti devices, monitor potentially exposed authentication and identity management services, isolate the systems from any enterprise resources and audit privilege-level access accounts.
The updated directive supersedes a previously released executive directive warning against Ivanti device vulnerabilities that enable malicious threat actors to exfiltrate data and establish persistent system access.