CISA Issues Emergency Directive on Ivanti Vulnerabilities
CISA has issued Emergency Directive (ED) 24-01 Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities in response to active vulnerabilities in the following Ivanti products: Ivanti Connect Secure and Ivanti Policy Secure.
ED 24-01 directs all Federal Civilian Executive Branch (FCEB) agencies running Ivanti Connect Secure and Ivanti Policy Secure to:
- Implement the mitigations as detailed in the ED.
- Report indications of compromise to CISA.
- Remove compromised products from agency networks and follow the ED’s comprehensive instructions for restoring and bringing the products back into service.
- Apply the updates to the products within 48 hours of Ivanti releasing the updates.
- Provide CISA with a report that includes:
- A complete inventory of all instances of Ivanti Connect Secure and Ivanti Policy Secure products on agency networks.
- Details on actions taken and results.
Although this directive is only for FCEB agencies, CISA strongly encourages all organizations to address the vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. For additional details, see CISA’s Alert, Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways, which CISA will update with further mitigations and patches as these become available.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.