The American Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency order calling on all federal agencies to take Ivanti devices offline.
The background to this measure is the discovery of security gaps in network products from the manufacturer Ivanti. The “Ivanti Connect Secure” and “Ivanti Policy Secure” products are affected. CISA published conditions that must be met before the US manufacturer's devices are allowed back on the network. This includes resetting to factory settings and updating to a bug-fixed version. Passwords and certificates also have to be reissued.
CISA writes on its site: “Threat actors continue to exploit vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure solutions to intercept credentials and drop webshells that enable further compromise of corporate networks. Some threat actors have recently developed workarounds to previous mitigation and detection methods and have been able to exploit vulnerabilities, move laterally, and escalate privileges without being detected. CISA is aware of cases where threat actors have minimized the traces of their intrusion, thereby limiting the effectiveness of the external integrity check (ICT) tool.”
More at CISA.gov
About CISA
CISA is the federal operational lead for cybersecurity and the national coordinator for the security and resilience of critical infrastructure. We are designed for collaboration and partnership. Mission: We are at the forefront of the national effort to understand, manage and reduce risks to our cyber and physical infrastructure. Vision: A secure and resilient critical infrastructure for the American people.