CISA Systems Compromised Through Ivanti Vulnerabilities, Prompting System Shutdown

March 11, 2024

In an alarming cybersecurity incident, unidentified threat actors successfully breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) by exploiting vulnerabilities in Ivanti products. The breach was initially detected a month ago in two systems that were subsequently taken offline. CISA has not disclosed the identity of these systems or the nature of the data potentially accessed.

Unconfirmed reports suggest that the affected systems were the Infrastructure Protection Gateway and the Chemical Security Assessment Tool (CSAT), but CISA has not officially confirmed these details. The agency has urged organizations to revisit an advisory it issued in late February. This advisory pertains to three specific Ivanti vulnerabilities, identified as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, which affect Ivanti Connect Secure and Ivanti Policy Secure gateways.

In a concerning revelation, CISA shared that the Ivanti Integrity Checker Tool (ICT) failed to detect compromise during incident response engagements in this case. The attackers managed to steal credentials on the compromised Ivanti devices, with some instances resulting in full domain compromise. This incident has led several prominent cybersecurity agencies to caution organizations about the potential risks posed by these gateway tools in an enterprise environment.

While CISA has reported no operational impact at this time, the agency emphasized the gravity of the situation, stating, 'this is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.'
