Article Details

Scrape Timestamp (UTC): 2025-06-26 06:05:15.065

Source: https://thehackernews.com/2025/06/cisa-adds-3-flaws-to-kev-catalog.html

Original Article Text


CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, respectively impacting AMI MegaRAC, the D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows -

Firmware security company Eclypsium, which disclosed CVE-2024-54085 earlier this year, said the flaw could be exploited to carry out a wide range of malicious actions, including deploying malware and tampering with device firmware. There are currently no details on how the shortcoming is being weaponized in the wild, who may be exploiting it, or the scale of the attacks. The Hacker News has reached out to Eclypsium for comment, and we will update the story if we get a response.

The exploitation of CVE-2024-0769 was revealed by threat intelligence firm GreyNoise exactly a year ago as part of a campaign designed to dump account names, passwords, groups, and descriptions for all users of the device. It's worth noting that D-Link DIR-859 routers reached end-of-life (EoL) in December 2020, meaning the vulnerability will remain unpatched on these devices. Users are advised to retire and replace the product.

As for the abuse of CVE-2019-6693, multiple security vendors have reported that threat actors linked to the Akira ransomware scheme have leveraged the vulnerability to obtain initial access to target networks.

In light of the active exploitation of these flaws, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by July 16, 2025, to secure their networks.

Daily Brief Summary

CYBERCRIME // CISA Updates KEV Catalog with Three Newly Exploited Vulnerabilities

CISA added three vulnerabilities to its KEV catalog, indicating active exploitation of technology products from AMI MegaRAC, D-Link, and Fortinet.

Eclypsium disclosed a significant flaw in AMI MegaRAC firmware, potentially allowing widespread malicious activities like malware deployment and firmware tampering.

D-Link DIR-859 routers, which have been unsupported since December 2020, will not receive a patch for the exploited vulnerability, increasing the risk to users who keep them in service.

CVE-2024-0769, identified in the D-Link router, was used in attacks aiming to extract user details such as account names and passwords.

Attackers have used CVE-2019-6693 in Fortinet's FortiOS to gain initial access in Akira ransomware attacks, underscoring the severity of the threat.

Federal agencies are mandated to implement the necessary mitigation measures by July 2025, per the new directive, to safeguard their networks against these vulnerabilities.