CISA Adds New Vulnerabilities to Known Exploited Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently expanded its Known Exploited Vulnerabilities (KEV) catalog with three security flaws. The vulnerabilities affect AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS. Their inclusion in the catalog means CISA has evidence of active exploitation, which makes timely remediation a priority for organizations running these products.
Details of Newly Identified Vulnerabilities
The newly added vulnerabilities include:
- CVE-2024-54085 (CVSS score: 10.0) – This issue involves an authentication bypass in the Redfish Host Interface of AMI MegaRAC SPx. It allows remote attackers to gain control of the system.
- CVE-2024-0769 (CVSS score: 5.3) – Present in D-Link DIR-859 routers, this path traversal vulnerability permits unauthorized control and privilege escalation. It’s crucial to note that this vulnerability remains unpatched.
- CVE-2019-6693 (CVSS score: 4.2) – A hard-coded cryptographic key vulnerability in FortiOS, FortiManager, and FortiAnalyzer could enable attackers with access to CLI configuration or backup files to decrypt sensitive information.
Focus on AMI MegaRAC Vulnerability
The diagnostics firm Eclypsium highlighted the severity of CVE-2024-54085, noting that the flaw could enable a range of harmful actions, including malware deployment and tampering with device firmware. Because the BMC sits below the operating system, such a compromise could have far-reaching implications for organizations relying on AMI MegaRAC devices.
Currently, CISA has not disclosed specific information regarding the active exploitation of these vulnerabilities, such as the identity of the attackers or the extent of the threats. The Hacker News has reached out to Eclypsium for any insights, and updates may follow.
Historical Exploitation of D-Link Vulnerability
CVE-2024-0769 has a notable backstory, having been brought to light by the threat intelligence firm GreyNoise approximately a year ago. This vulnerability has been exploited as part of a campaign aimed at extracting sensitive data, including account names, passwords, and user group information from the D-Link devices.
It’s important to recognize that the D-Link DIR-859 routers have been declared end-of-life (EoL) since December 2020. As a result, users should be aware that this vulnerability will not receive any patches. It’s highly recommended that users consider retiring and replacing these devices to mitigate security risks.
Fortinet Vulnerability and Ransomware Threat
Regarding the third vulnerability, CVE-2019-6693, security experts have observed it being exploited by threat actors associated with the Akira ransomware operation. These attackers use the vulnerability to gain initial access to targeted networks, a significant concern for organizations that still depend on the affected Fortinet products.
Mandated Actions for Federal Agencies
In light of the ongoing active exploitation of these vulnerabilities, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies implement necessary mitigations by July 16, 2025. This requirement aims to bolster the security of federal networks and protect sensitive data from unauthorized access.
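To turn a KEV addition like this one into an actionable remediation list, a defender typically matches the catalog against their own asset inventory and checks each finding against the catalog's due date. The following Python example is added here and is not code from the article or from CISA; the feed field names (cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse) are an assumption about the shape of the KEV JSON feed, the feed excerpt is constructed from the three CVEs named above, and the host inventory is constructed.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed (field names assumed).
# CVE IDs, products and the 2025-07-16 due date come from the article above.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-54085", "vendorProject": "AMI", "product": "MegaRAC SPx",
         "dueDate": "2025-07-16", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-0769", "vendorProject": "D-Link", "product": "DIR-859",
         "dueDate": "2025-07-16", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2019-6693", "vendorProject": "Fortinet",
         "product": "FortiOS, FortiManager, FortiAnalyzer",
         "dueDate": "2025-07-16", "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed asset inventory: CVEs a scanner reported per host.
INVENTORY = {
    "bmc-01": ["CVE-2024-54085"],
    "branch-router-7": ["CVE-2024-0769", "CVE-2023-00000"],  # placeholder CVE, not in KEV
    "fw-edge-2": ["CVE-2019-6693"],
}


def load_kev(feed_json):
    """Index KEV entries by CVE ID."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def kev_exposure(inventory, kev, today_iso):
    """Return findings for inventory CVEs present in KEV, with remediation status."""
    today = date.fromisoformat(today_iso)
    findings = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # reported CVE is not (yet) in the KEV catalog
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": host,
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "days_to_due": (due - today).days,
                "overdue": today > due,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    # Ransomware-linked items first, then overdue ones, then by nearest due date.
    findings.sort(key=lambda f: (not f["ransomware"], not f["overdue"], f["days_to_due"]))
    return findings


if __name__ == "__main__":
    for f in kev_exposure(INVENTORY, load_kev(KEV_SAMPLE), "2025-07-01"):
        print(f)
```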
Organizations leveraging these technologies should act swiftly and ensure that they have robust security protocols in place. Staying informed about vulnerabilities and applying timely patches or updates is essential in today’s rapidly evolving cybersecurity landscape.