The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has kicked off the year with an emergency directive that demands immediate action from Federal Civilian Executive Branch (FCEB) agencies. This directive is in response to the discovery of zero-day vulnerabilities in products from Ivanti, a Utah-based software company.
On January 10, 2024, Ivanti publicly acknowledged the existence of vulnerabilities within its Connect Secure VPN and Policy Secure products. The day following this disclosure, the company observed a significant uptick in threat actor activity, indicating that these vulnerabilities were being actively exploited. The vulnerabilities in question are:
When these two vulnerabilities are chained together, they could potentially allow attackers to move laterally within a target’s network, exfiltrate data and establish persistent system access by deploying backdoors.
CISA has reported that approximately 15 agencies were using the vulnerable devices. However, these agencies have since mitigated the bugs swiftly and effectively.
In response to these vulnerabilities, Nuspire has taken proactive measures to protect its clients. The firm is actively threat hunting for indications of compromise within client environments and is applying patches as they are released, in accordance with vendor recommendations. This approach ensures that Nuspire’s clients are protected from potential exploits as quickly and efficiently as possible.
Agencies running affected products are required to implement CISA’s recommendations, which are detailed in the advisory. In addition, agencies must carefully follow Ivanti’s instructions to ensure a correct import and avoid service outages.
The recommended actions include:
By taking these steps, agencies can help to mitigate the risk posed by these vulnerabilities and protect their systems and data from potential exploits.