The IT Nerd

You might remember that Ivanti who have had a number of zero day vulnerabilities pop up over the last few months disclosed two of them with their Connect Secure VPN appliances. And at the same time, they disclosed that the vulnerabilities were being actively exploited. That got the attention of the CISA who in mid January issued an emergency directive to mitigate this. But I guess that didn’t go far enough for the CISA who is now ordering this action among others via this supplemental direction:

As soon as possible and no later than 11:59PM on Friday February 2, 2024, disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.

I am guessing that the CISA took this action because of a  third actively exploited zero-day in these VPN appliances that Ivanti disclosed. It’s really looking like that these VPN appliances cannot be trusted so pulling them from service is likely the best course of action. Honestly, Ivanti has a lot of explaining to do because given their very recent track record of disclosing zero day after zero day, they as a company who can produce secure products are looking a bit suspect here.

Oh I should mention that if you’re a company who uses Ivanti products, you might want to rethink that given the actions of the CISA. And perhaps you should consider following their lead to avoid getting pwned.

This entry was posted on February 4, 2024 at 12:04 pm and is filed under Commentary with tags Ivanti. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.