The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive to all federal agencies, mandating the immediate disconnection of Ivanti VPN appliances due to the significant risk posed by multiple software vulnerabilities. This directive comes in response to the exploitation of zero-day flaws by malicious actors, prompting CISA to require federal civilian executive branch agencies to disconnect all Ivanti VPN appliances within 48 hours.
The U.S. CISA has mandated federal agencies to disconnect Ivanti VPN appliances within 48 hours due to the exploitation of multiple zero-day vulnerabilities, highlighting the critical need for swift and decisive action to mitigate the significant security risks posed by these flaws.
Urgent Action Required
CISA’s emergency directive emphasizes the seriousness of the threat and instructs agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solutions from their networks by a specified deadline. This swift action is a departure from the typical timeline given for addressing vulnerabilities and underscores the critical nature of the situation.
Heightened Security Concerns
The urgency of the directive is underscored by the revelation of additional zero-day vulnerabilities being actively exploited, with reports of state-backed hackers targeting federal agencies. The evolving nature of the threats has prompted CISA to issue specific instructions for threat hunting, monitoring, and auditing privilege level access accounts to mitigate the risks posed by the Ivanti vulnerabilities.
While Ivanti has released patches for some affected software versions, CISA’s directive underscores the need for ongoing vigilance and thorough measures to ensure the secure restoration of Ivanti appliances. The emphasis on deploying a fresh and patched install of Ivanti Connect Secure VPN devices reflects the gravity of the situation and the imperative to operate from a known good and trusted state.