CISA issued a rare emergency directive instructing all Federal agencies to mitigate vulnerabilities in the Connect Secure and Policy Secure products by Ivanti by close of business Monday. The vulnerability is severe enough to "allow an attacker to move laterally across a target network, perform data exfiltration and establish persistent system access". The vulnerabilities are tracked as CVE-2023-46805 and CVE-2024-21887.
If you have these products it is time to patch, remediate, mitigate this vulnerability ASAP.
We discuss this in the vlog below.
Article on Federal News Network: https://federalnewsnetwork.com/cybersecurity/2024/01/cisa-mandates-agencies-close-2-cyber-vulnerabilities-immediately/