Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

US government tells federal agencies they have 48 hours to repair Ivanti VPN tech following breaches

Zero-day attack.

US Government agencies using Ivanti Connect Secure and Ivanti Policy Secure have been told to disconnect these solutions immediately and not turn them back on until they’re absolutely certain they’ve been properly patched, and their networks disinfected from possible hacker incursions.

This stark warning was issued by the Cybersecurity and Infrastructure Security Agency (CISA), as part of its Emergency Directive 24-01. 

According to this Supplemental Direction V1, after disconnecting the instances, federal agencies using these affected products must continue threat hunting, monitoring of authentication services, and isolation of affected systems. Furthermore, they are urged to audit privilege level access accounts, too.

Cleaning up the gear

It has been a somewhat hectic start to 2024 for Ivanti, which in early January announced discovering and patching two critical vulnerabilities in some of its products, which allowed threat actors to run arbitrary commands on flawed endpoints. 

Releasing a security advisory at the time, Ivanti said the flaws were tracked as CVE-2023-46805, and CVE-2024-21887. The former is an authentication bypass, while the latter code injection.

Soon after the announcement, CISA warned federal agencies that the flaws were being abused in the wild and that they should apply workarounds, mitigations, and patches, immediately. The agency warned of a “sharp increase” in attacks after January 11, with threat actors targeting everyone, including government firms. 

To be able to use Ivanti’s services again, agencies must follow specific steps, including exporting configuration settings, performing a factory reset, and upgrading to supported software versions. They also have until February 5 to report their actions and status to CISA.

There are more than 22,000 Ivanti ICS VPNs exposed online at the moment, BleepingComputer claims, with almost 400 Ivanti VPN devices also thought to be at risk.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.