Jun 26, 2025Ravie LakshmananVulnerability / Firmware Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Wednesday added three safety flaws, every impacting AMI MegaRAC, D-Hyperlink DIR-859 router, and Fortinet FortiOS, to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of energetic exploitation.
The listing of vulnerabilities is as follows –
CVE-2024-54085 (CVSS rating: 10.0) – An authentication bypass by spoofing vulnerability within the Redfish Host Interface of AMI MegaRAC SPx that might enable a distant attacker to take management
CVE-2024-0769 (CVSS rating: 5.3) – A path traversal vulnerability in D-Hyperlink DIR-859 routers that permits for privilege escalation and unauthorized management (Unpatched)
CVE-2019-6693 (CVSS rating: 4.2) – A tough-coded cryptographic key vulnerability in FortiOS, FortiManager and FortiAnalyzer that is used to encrypt password information in CLI configuration, doubtlessly permitting an attacker with entry to the CLI configuration or the CLI backup file to decrypt the delicate information
Firmware safety firm Eclypsium, which disclosed CVE-2024-54085 earlier this 12 months, stated the flaw could possibly be exploited to hold out a wide-range of malicious actions, together with deploying malware and tampering with machine firmware.
There are at present no particulars on how the shortcoming is being weaponized within the wild, who could also be exploiting it, and the dimensions of the assaults. The Hacker Information has reached out to Eclypsium for remark, and we are going to replace the story if we get a response.
The exploitation of CVE-2024-0769 was revealed by risk intelligence agency GreyNoise precisely a 12 months in the past as a part of a marketing campaign designed to dump account names, passwords, teams, and descriptions for all customers of the machine.
It is price noting that D-Hyperlink DIR-859 routers have reached end-of-life (EoL) as of December 2020, that means the vulnerability will stay unpatched on these units. Customers are suggested to retire and substitute the product.
As for the abuse of CVE-2019-6693, a number of safety distributors have reported that risk actors linked to the Akira ransomware scheme have leveraged the vulnerability to acquire preliminary entry to focus on networks.
In mild of the energetic exploitation of those flaws, Federal Civilian Govt Department (FCEB) companies are required to use the required mitigations by July 16, 2025, to safe their networks.
Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.
