Categories: US-Cert-Repository

CISA Issues Emergency Directive on Ivanti Vulnerabilities

CISA has issued Emergency Directive (ED) 24-01 Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities in response to active vulnerabilities in the following Ivanti products: Ivanti Connect Secure and Ivanti Policy Secure.
ED 24-01 directs all Federal Civilian Executive Branch (FCEB) agencies running Ivanti Connect Secure and Ivanti Policy Secure to:

Implement the mitigations as detailed in the ED.
Report indications of compromise to CISA.
Remove compromised products from agency networks and follow the ED’s comprehensive instructions for restoring and bringing the products back into service.
Apply the updates to the products within 48 hours of Ivanti releasing the updates.
Provide CISA with a report that includes:
- A complete inventory of all instances of Ivanti Connect Secure and Ivanti Policy Secure products on agency networks.
- Details on actions taken and results.

Although this directive is only for FCEB agencies, CISA strongly encourages all organizations to address the vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. For additional details, see CISA’s Alert, Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways, which CISA will update with further mitigations and patches as these become available.

Source link

admin

Next Citrix Releases Security Updates for NetScaler ADC and NetScaler Gateway »

Previous « Incident Response Guide for the WWS Sector

This website uses cookies.

CISA Issues Emergency Directive on Ivanti Vulnerabilities

Recent Posts

CISA Releases Four Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Two Industrial Control Systems Advisories

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA and UK NCSC Release Joint Guidance for Securing OT Systems