Priya Patel
TLDR:
- CISA warns of ongoing exploitation of Ivanti vulnerabilities
- Threat actors can bypass authentication and gain elevated privileges
The Cybersecurity and Infrastructure Security Agency (CISA) issued a cybersecurity advisory in partnership with the FBI and international agencies, highlighting the continued exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Initial warnings were issued in January, followed by a mandate for federal agencies to disconnect the affected products. The advisory emphasizes the persistent targeting of these vulnerabilities by threat actors, enabling them to bypass authentication and execute commands with elevated privileges. Organizations are urged to follow the guidance outlined in the advisory, including implementing secure-by-design principles, avoiding VPN solutions with proprietary protocols, and keeping software up to date. Industry partnerships have provided valuable insights for organizations to protect against malicious actors. CISA and the FBI suggest incorporating secure practices in software development and limiting SSL VPN connections to unprivileged accounts.
The advisory also emphasizes the importance of taking immediate action to remove and rebuild vulnerable Ivanti devices to reduce risks to federal systems. The FBI stresses the need for private and public sector entities to follow the guidance provided in the advisory to mitigate critical vulnerabilities. Alongside the release of the advisory, various international agencies have collaborated to provide comprehensive recommendations for organizations to safeguard their networks. While the advisory does not disclose any new vulnerabilities, it reinforces the importance of implementing security updates and following recommended security practices to prevent threat actor persistence.
