We previously reported on critical- and high-severity vulnerabilities in Ivanti Pulse Secure and Policy Secure [CVE-2023-56805 & CVE-2024-21887]. They were added to the CISA KEV Catalog, and an emergency directive was issued on January 19, 2024 for federal agencies to apply an Ivanti-supplied workaround. Since then, the situation has deteriorated. Ivanti's patch was delayed until January 31, 2023. There were reports that the patch may cause race conditions and that it was, for a brief time, unavailable.
Exploitation in the wild has been observed by multiple threat groups, including China-affiliated APTs. Following these reports, CISA issued a supplementary emergency directive requiring that all instances of Ivanti Connect Secure and Policy Secure be disconnected by Feb 2nd and that additional analysis and remediation be performed on affected systems.
Due to ongoing issues, including delayed patch availability, evidence of active exploitation, reports of failed fixes, and the discovery of additional vulnerabilities, our cybersecurity experts strongly advise taking the CISA-recommended actions.