Agencies must disconnect all exposed Ivanti products by Friday, CISA says

The Cybersecurity and Infrastructure Security Agency directed all federal agencies to disconnect themselves from a suite of Ivanti products by Friday, citing the discovery of two additional security vulnerabilities in the IT products.

The directive from the Homeland Security Department’s civilian cyber agency follows a related Jan. 19 warning that officials deemed serious, stressing that some 15 agencies involved in national security business were identified as using the targeted systems.

“As soon as possible and no later than 11:59PM on Friday February 2, 2024, disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks,” CISA said in a Wednesday listing of required actions. Agencies must also notify CISA on Monday that they removed the equipment from their systems.

Ivanti on Wednesday rolled out an extensive vulnerability assessment list about the products, noting that the exposures can allow hackers “to access restricted resources by bypassing control checks” and gain administrative privileges in compromised systems.

A technical analysis by Google-owned Mandiant noted that China-linked hackers have attempted to leverage the weaknesses since at least December. At least 2,100 systems were flagged as infected in an initial blog post by cybersecurity firm Volexity.