Close Menu
Cybercrime and Ransomware

CISA Expands KEV Catalog with 3 New Vulnerabilities Affecting AMI MegaRAC, D-Link, and Fortinet

Staff WriterBy No Comments4 Mins Read6 Views

Essential Insights

  1. Critical Vulnerabilities Identified: CISA has added three serious vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, affecting AMI MegaRAC, D-Link DIR-859, and Fortinet FortiOS, with evidence of active exploitation.

  2. Severe Exploitation Risk: The highest-risk vulnerability, CVE-2024-54085 (CVSS 10.0), allows remote control of devices, while D-Link’s unpatched CVE-2024-0769 and FortiOS’s CVE-2019-6693 enable privilege escalation and sensitive data decryption, respectively.

  3. D-Link Products EOL: D-Link DIR-859 routers are past their end-of-life (EoL) and will remain unpatched, making it crucial for users to replace these devices to avoid exploitation.

  4. Federal Response Required: Federal agencies must implement mitigations by July 16, 2025, to protect their networks from these vulnerabilities as part of ongoing cybersecurity measures.

Underlying Problem

On June 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified three critical security vulnerabilities impacting AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS, adding them to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The most severe of these, CVE-2024-54085, boasts a CVSS score of 10.0 and involves an authentication bypass vulnerability in the AMI MegaRAC’s Redfish Host Interface, potentially allowing remote attackers to seize control and deploy malware. Other vulnerabilities include CVE-2024-0769, revealing a path traversal issue in unpatched D-Link routers, and CVE-2019-6693, a flaw in FortiOS that allows attackers access to critical CLI configurations.

These security concerns are being reported by Eclypsium and GreyNoise, two firms closely monitoring cybersecurity threats. Eclypsium warned about the potential for extensive malicious activities resulting from CVE-2024-54085, while GreyNoise outlined continued efforts by threat actors linked to the Akira ransomware scheme, exploiting CVE-2019-6693 for initial network access. With these vulnerabilities posing significant risks, federal agencies have been mandated to implement necessary mitigations by July 16, 2025, to safeguard their networks against impending attacks.

Risk Summary

The vulnerabilities identified in AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS present substantial risks not only to the affected devices but also to a wide array of businesses, users, and organizations connected to these systems. The exploitation of these security flaws could trigger cascading effects, including unauthorized access to critical infrastructure, potential data breaches, and disruptions in service continuity. For instance, CVE-2024-54085’s authentication bypass poses an acute threat, enabling remote attackers to commandeer systems and execute malicious activities, such as deploying malware across networks. Moreover, the unpatched nature of the D-Link routers, which have surpassed their End-of-Life, compounds risk by leaving users vulnerable to exploitation without any recourse for remediation. As these vulnerabilities proliferate, organizations lacking robust cybersecurity measures could find themselves ensnared in a web of compromise, leading to reputational damage, regulatory scrutiny, and financial losses due to remediation costs and operational downtime. Consequently, the ripple effects permeate through partnerships and supply chains, heightening the urgency for widespread awareness and immediate action within the cybersecurity landscape.

Possible Remediation Steps

Timely remediation is crucial in safeguarding critical infrastructure and digital assets from vulnerabilities outlined by CISA, especially regarding the recent addition of three flaws impacting AMI MegaRAC, D-Link, and Fortinet.

Mitigation Steps

  1. Patch Deployment: Immediately apply security patches provided by vendors to remediate the identified vulnerabilities.
  2. Network Segmentation: Isolate affected systems to limit potential breach impacts while remediation efforts are underway.
  3. Intrusion Detection: Implement or enhance intrusion detection systems to monitor for signs of exploits targeting these vulnerabilities.
  4. Vulnerability Scanning: Conduct regular scans to identify additional vulnerabilities within your environment, ensuring a proactive stance.
  5. User Awareness Training: Educate users about potential phishing attacks that might exploit these vulnerabilities indirectly.

NIST Guidance
NIST CSF emphasizes the importance of identifying and managing vulnerabilities effectively. Refer to NIST SP 800-53 for comprehensive guidelines on security and privacy controls that align with mitigating such risks and ensuring organizational resilience against cyber threats.

Continue Your Cyber Journey

Discover cutting-edge developments in Emerging Tech and industry Insights.

Access world-class cyber research and guidance from IEEE.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.