US government tells federal agencies they have 48 hours to get rid of Ivanti VPN technology after breaches
US government agencies using Ivanti Connect Secure and Ivanti Policy Secure have been told to immediately disconnect these solutions and not re-enable them until they are absolutely certain that they have been properly patched and their networks have been disinfected against possible hacker attacks.
This sharp warning was issued by the Cybersecurity and Infrastructure Security Agency (CISA), as part of its emergency directive 24-01.
Under this supplemental guidance (V1), federal agencies using the affected products must, after disconnecting them, continue to scan for threats, monitor authentication services, and isolate affected systems. They are also urged to audit privileged access accounts.
Cleaning up the equipment
It’s been a somewhat hectic start to 2024 for Ivanti, which announced in early January that it had discovered and patched two critical vulnerabilities in a number of its products, allowing threat actors to execute arbitrary commands on flawed endpoints.
Ivanti issued a security advisory at the time, saying the flaws were being tracked as CVE-2023-46805 and CVE-2024-21887. The former is an authentication bypass, while the latter is code injection.
Shortly after the announcement, CISA alerted federal agencies that the flaws were being exploited in the wild and that they should immediately apply fixes and patches. The agency warned of a “sharp increase” in attacks after January 11, with threat actors targeting everyone, including government-owned companies.
To use Ivanti’s services again, agencies must follow specific steps, including exporting configuration settings, performing a factory reset, and upgrading to supported software versions. They also have until February 5 to report their actions and status to CISA.
There are currently over 22,000 Ivanti ICS VPNs exposed online, BleepingComputer claims, with nearly 400 Ivanti VPN devices also believed to be at risk.
Via BleepingComputer