The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing all federal agencies to safeguard against a critical vulnerability in a widely used software program.
The software employed by agencies is known as Ivanti Connect Secure, which enables federal government employees to connect to work remotely.
A critical vulnerability in the program, initially identified by the cybersecurity company Volexity in December, poses a serious threat by providing hackers substantial access to businesses or government agencies using it, and allows for the establishment of additional back doors for future access.
Last week, Ivanti disclosed details of two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, that allow an attacker to move laterally across a target network, conduct data exfiltration, and establish persistent system access.
While CVE-2023-46805 is a vulnerability found in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure, CVE-2024-21887 is a command injection vulnerability.
“CISA has determined an emergency directive is necessary based on the widespread exploitation of these vulnerabilities by multiple threat actors, prevalence of the affected products in the federal enterprise, high potential for compromise of agency information systems and potential impact of a successful compromise,” the cybersecurity watchdog said.
Moreover, according to CISA, hackers are now aware of the vulnerability and have already made several attempts to hack federal agency systems.
“We have observed additional targeting of federal agencies as part of the broader opportunity campaign at this point. Each of those instances are under investigation by CISA and the relevant agency,” Eric Goldstein, executive assistant director at CISA, said in a press briefing.