The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, the D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of vulnerabilities is as follows –
- CVE-2024-54085 (CVSS score: 10.0) – An authentication bypass by spoofing vulnerability in the Redfish Host Interface of AMI MegaRAC SPx that could allow a remote attacker to take control
- CVE-2024-0769 (CVSS score: 5.3) – A path traversal vulnerability in D-Link DIR-859 routers that allows for privilege escalation and unauthorized control (Unpatched)
- CVE-2019-6693 (CVSS score: 4.2) – A hard-coded cryptographic key vulnerability in FortiOS, FortiManager and FortiAnalyzer, where the key is used to encrypt password data in the CLI configuration, potentially allowing an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data
Firmware security company Eclypsium, which disclosed CVE-2024-54085 earlier this year, said the flaw could be exploited to carry out a wide range of malicious actions, including deploying malware and tampering with device firmware.

There are currently no details on how the shortcoming is being weaponized in the wild, who may be exploiting it, or the scale of the attacks. The Hacker News has reached out to Eclypsium for comment, and we'll update the story if we get a response.
The exploitation of CVE-2024-0769 was revealed by threat intelligence firm GreyNoise exactly a year ago as part of a campaign designed to dump account names, passwords, groups, and descriptions for all users of the device.
It is worth noting that D-Link DIR-859 routers reached end-of-life (EoL) in December 2020, meaning the vulnerability will remain unpatched on these devices. Users are advised to retire and replace the product.
As for the abuse of CVE-2019-6693, several security vendors have reported that threat actors linked to the Akira ransomware scheme have leveraged the vulnerability to obtain initial access to target networks.
In light of the active exploitation of these flaws, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by July 16, 2025, to secure their networks.