CISA Issues Emergency Directive on Ivanti Zero-Days

January 19, 2024 at 07:54PM

CISA is pressuring organizations to urgently address critical vulnerabilities in Ivanti Connect Secure VPN. Agencies must apply available mitigations, remove compromised products, and report infected devices. This follows a Chinese government-backed hacking team exploiting the vulnerabilities. The company has released pre-patch mitigations, with comprehensive fixes set to begin rollout on January 22.

The US government’s cybersecurity agency CISA has issued an emergency directive urging organizations to mitigate critical vulnerabilities in Ivanti Connect Secure VPN devices. The directive includes strict deadlines for federal agencies to apply available mitigations and report on infected devices.

Furthermore, researchers at Volexity have identified the vulnerabilities as CVE-2023-46805 and CVE-2024-21887, with evidence of Chinese government-backed hacking teams exploiting these vulnerabilities for remote code execution attacks.

Ivanti has released pre-patch mitigations, with comprehensive fixes scheduled for release beginning on January 22. In the interim, agencies are required to implement Ivanti’s published mitigation immediately and run the External Integrity Checker Tool to detect any indications of compromise.

Volexity researchers also caught attackers evading detection by using legitimate Ivanti Connect Secure (ICS) components and by backdooring a legitimate CGI file on the ICS VPN appliance.

This information indicates a critical need for organizations to act swiftly to address these vulnerabilities and ensure the security of their networks.
