Mitigate Vulnerabilities with Ivanti Connect Secure | Lockheed Martin

Who we are What we do News Careers Investors Suppliers

Global Activity

United States | English

back

Global Activity

Featured

Global Activity image

Global Presence, Local Impact

Learn how we are strengthening the economies, industries and communities of our global partner nations.

Australia

English

Canada

English Français

Denmark

English Danish

Germany

English Deutsch

Greece

English Ελληνικά

India

English

Israel

English עברית

Japan

English 日本語

Latin America

English Spanish Portuguese

New Zealand

English

Poland

English Polski

Republic of Korea

English 한국어

Saudi Arabia

English عربى

Singapore

English

Spain

English Español

Taiwan

English

United Arab Emirates

English عربى

United Kingdom

English

United States

English

back

Search

back

Who we are

About Us Leadership & Governance Our Businesses Sustainability, Social Impact & Diversity Ethics Economic and Workforce Impact Global Activities

back

About Us

Our Company Our Culture Our History

back

Leadership & Governance

Executive Leadership Team Full Spectrum Leadership

Corporate Governance

Board of Directors Corporate Charter Political Disclosures

back

Our Businesses

Business Areas

Aeronautics Missiles and Fire Control Rotary and Mission Systems Space LM Ventures

back

Sustainability, Social Impact & Diversity

Social Impact Diversity & Inclusion Environmental, Safety and Health Sustainability

back

Social Impact

In the Community Military and Veteran Support Future STEM Workforce Employee Focused Programs Volunteerism

Contribution Process

back

Ethics

Ethics Code of Conduct Business Conduct Ethics Awareness Training Integrity Minute

back

Sustainability

Sustainability at LM Sustainability Performance Report Sustainability Management Plan Sustainability Governance Plan

back

What We Do

Aircraft All-Domain Operations Autonomy & AI Cyber Deterrence Capabilities Maritime Systems Space Sustainment & Training Systems Transformative Technology

Products by Domain

Featured

21st Century Security

Designed to help the U.S. and allies leverage emerging technologies to create a resilient multi-domain network.

back

Autonomy & AI

Artificial Intelligence Autonomy Distributed Teaming

View Autonomous Products

back

Aircraft

Explore All Aircraft

Fixed Wing

Commercial Aircraft Fighter Jets Tactical Airlift Tanker Transport Autonomous Aircraft

Rotary Wing

Commercial Aircraft Future Vertical Lift Sikorsky Autonomous Aircraft

back

All-Domain Operations

21st Century Security C4ISR Solutions Joint All-Domain Operations

back

Aircraft

Fixed Wing

Commercial Aircraft Fighter Jets Tanker Transport Autonomous Aircraft

Rotary Wing

Commercial Aircraft Future Vertical Lift Sikorsky Autonomous Aircraft

back

Cyber Capabilities

Cyber 1 Cyber 2 Cyber 3

back

Innovation

Skunk Works®

Global Research and Development

Advanced Technology Center Advanced Technology Laboratories Center for Innovation Sikorsky Innovations STELaRLab

back

Space Capabilities

Communications Security Deterrence & Missile Defence Global Situational Awareness Human & Scientific Exploration Intelligence Solutions & Cyber Space Technologies

back

Sustainment & Training Systems

Sustainment & Global Readiness Training Systems

back

Deterrence Capabilities

C4ISR Solutions Cyber Solutions Directed Energy Electronic Warfare Integrated Air & Missile Defense Joint All-Domain Operations Radar Sensors Weapon Systems

back

Products by Domain

All Products

By Domain

Air Cyber Land Sea Space

back

Transformative Technologies

21st Century Security 5G.MIL Solutions Artificial Intelligence Cyber Directed Energy Firefighting Intelligence Hypersonic Solutions Spectrum Dominance

Our Business Innovation

Digital Transformation Research Labs

back

Research Labs

Skunk Works®

Global Research and Development

Advanced Technology Center Advanced Technology Laboratories Center for Innovation Sikorsky Innovations STELaRLab

Back to Supplier News

Mitigate Vulnerabilities with Ivanti Connect Secure

January 12, 2024

Critical zero-day exploits have been discovered in Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure and Ivanti Policy Secure Gateways. The vulnerabilities impact all supported versions – Version 9.x and 22.x. These vulnerabilities are actively being exploited by advanced threat actors and pose a significant security risk. Immediate action is required to mitigate potential threats.

Vulnerability Details

CISA has added three Emergency Directives for Ivanti Connect Secure and Ivanti Policy Secure, based on evidence of active exploitation.

CVE-2024-21887 Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
CVE-2023-46805 Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
Ivanti Alert – Vendor Alert and Mitigation Recommendations

Patches will be released in a staggered schedule with the first version targeted to be available to customers the week of 22 January and the final version targeted to be available the week of 19 February.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the enterprise.

Recommended Mitigation Actions:
To address these vulnerabilities and enhance the security of your systems, we strongly recommend that you take the following actions:

Review FAQs and immediately apply vendor recommended mitigations provided here.
Patch systems as patches are made available by the vendor.

Securing the defense industrial base is a team sport. Consider joining the National Defense Information Sharing and Analysis Center (ND-ISAC) to better understand latest threats.

ND-ISAC is the official ISAC for the DIB Critical Infrastructure Sector recognized by DOD and DHS. The ND-ISAC is a private sector self-organized and self-governing entity and a trusted partner providing exceptional technical solutions and support to its members. Email ND-ISAC to contact the team or see ND-ISAC’s public-facing website below.

ND-ISAC Website