US government agencies ordered to take Ivanti VPN products offline>
CSO Online – Lucian Constantin
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive to all federal agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure solution products from their networks by end of Friday, February 2, 2024, due to four actively exploited vulnerabilities.
While patches are available for these vulnerabilities, the directive advises agencies to disconnect the impacted Ivanti products, perform forensic analysis, clean-up processes, and additional mitigation measures to remove the affected software and mitigate the risks posed by the vulnerabilities.
The directive highlights the need to continue monitoring for any compromised systems and take necessary steps to ensure the security and integrity of network resources.
Private organizations are also advised to consider following the same recommendations as a precautionary measure.
The directive supersedes a previous directive from January 19 and addresses the discovery of two additional vulnerabilities in Ivanti’s solutions, including a privilege escalation vulnerability and a server-side request forgery.
Ivanti’s response includes the release of fixed versions for the impacted products, along with additional security measures such as rebuilding affected devices, updating configuration, and resetting accounts and certificates associated with the Ivanti products to mitigate the risks from the vulnerabilities.
Link: https://www.csoonline.com/article/1303522/us-government-agencies-ordered-to-take-ivanti-vpn-product-offline.html