
The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, affecting AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
Here's the list of vulnerabilities –
CVE-2024-54085 (CVSS score: 10.0) – An authentication bypass by spoofing vulnerability in the Redfish host interface of AMI MegaRAC SPX that allows remote attackers to take control of the device.
CVE-2024-0769 (CVSS score: 5.3) – A vulnerability in the D-Link DIR-859 router.
CVE-2019-6693 (CVSS score: 4.2) – A hard-coded encryption key vulnerability in FortiOS, FortiManager, and FortiAnalyzer, where the key is used to encrypt password data in CLI configurations.
Firmware security company Eclypsium, which disclosed CVE-2024-54085 earlier this year, said the flaws could be exploited to perform a wide range of malicious actions, including malware deployment and device firmware tampering.

There are currently no details on how the shortcomings are being weaponized in the wild, who may be exploiting them, or the scale of the attacks. Hacker News has reached out to Eclypsium for comment, and we will update the story if we hear back.
The exploitation of CVE-2024-0769 was revealed by threat intelligence company GreyNoise exactly a year ago as part of a campaign designed to dump the account names, passwords, groups, and descriptions of all users on the device.
The D-Link DIR-859 router reached end of life (EOL) in December 2020, which means the vulnerability remains unpatched on these devices. Users are encouraged to retire and replace the product.
As for the abuse of CVE-2019-6693, several security vendors have reported that threat actors linked to the Akira ransomware operation have exploited the vulnerability to gain initial access to target networks.
In light of the active exploitation of these flaws, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by July 16, 2025 to secure their networks.