CISA issues emergency directive for agencies to address Ivanti software vulnerabilities in federal systems

The Cybersecurity and Infrastructure Security Agency has issued an emergency directive to federal civilian executive branch agencies to mitigate vulnerabilities found in two “affected products” from software company Ivanti and undertake specific actions to address potential compromises.

“CISA has observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure solutions, hereafter referred to as ‘affected products.’ Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data...