US government tells federal agencies they have 48 hours to repair Ivanti VPN tech following breaches

Ivanti tech needs to be disconnected and repaired ASAP, CISA says

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

US Government agencies using Ivanti Connect Secure and Ivanti Policy Secure have been told to disconnect these solutions immediately and not turn them back on until they’re absolutely certain they’ve been properly patched, and their networks disinfected from possible hacker incursions.

This stark warning wasissuedby the Cybersecurity and Infrastructure Security Agency (CISA), as part of its Emergency Directive 24-01.

According to this Supplemental Direction V1, after disconnecting the instances, federal agencies using these affected products must continue threat hunting, monitoring of authentication services, and isolation of affected systems. Furthermore, they are urged to audit privilege level access accounts, too.

Cleaning up the gear

It has been a somewhat hectic start to 2024 for Ivanti, which in early January announced discovering and patching two critical vulnerabilities in some of its products, which allowed threat actors to runarbitrary commandson flawed endpoints.

Releasing a security advisory at the time, Ivanti said the flaws were tracked as CVE-2023-46805, and CVE-2024-21887. The former is an authentication bypass, while the latter code injection.

Soon after the announcement, CISA warned federal agencies that the flaws were being abused in the wild and that they should apply workarounds, mitigations, and patches, immediately. The agency warned of a “sharp increase” in attacks after January 11, with threat actors targeting everyone, including government firms.

To be able to use Ivanti’s services again, agencies must follow specific steps, including exporting configuration settings, performing a factory reset, and upgrading to supported software versions. They also have until February 5 to report their actions and status to CISA.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

There are more than 22,000 Ivanti ICS VPNs exposed online at the moment,BleepingComputerclaims, with almost 400 Ivanti VPN devices also thought to be at risk.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

3 reasons why PIA fell in our best VPN rankings

Is it still worth using Proton VPN Free?

Cybersecurity is business survival and CISOs need to act now