Summary: The Cybersecurity and Infrastructure Security Agency issued an emergency directive after software firm Ivanti discovered vulnerabilities in two widely-used products. “This emergency directive directs all federal civilian agencies to immediately take specific actions and implement vendor mitigation guidance to these Ivanti appliances,” CISA wrote in a release. “Last week, Ivanti released information regarding two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, that allow an attacker to move laterally across a target network, perform data exfiltration and establish persistent system access. CISA has determined an emergency directive is necessary based on the widespread exploitation of these vulnerabilities by multiple threat actors, prevalence of the affected products in the federal enterprise, high potential for compromise of agency information systems and potential impact of a successful compromise.” Learn more about your ad choices. Visit megaphone.fm/adchoices
