CISA Catalog Update-June 25, 2025

🔍 Executive Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent update to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting three newly confirmed exploited security flaws affecting:

  • AMI’s MegaRAC BMC firmware
  • D-Link’s DIR-859 consumer-grade routers
  • Fortinet’s FortiOS firewall systems

These additions represent active threats across infrastructure, IoT, and perimeter defense ecosystems. Under Binding Operational Directive (BOD) 22-01, federal civilian executive branch (FCEB) agencies are required to patch or mitigate these vulnerabilities by assigned deadlines, while all other organizations are strongly encouraged to do the same.

🧩 1. CVE-2024-54085 – AMI MegaRAC SPx BMC Authentication Bypass

  • Component Affected: American Megatrends (AMI) MegaRAC SPx firmware
  • Vulnerability Type: Authentication Bypass via IP Spoofing
  • Attack Vector: Remote / Network-facing Baseboard Management Controller (BMC) interface
  • Impact: Unauthenticated attackers can gain root-level access to server firmware-level features such as power management, remote console, BIOS settings, and virtual media
  • Risk Notes:
      • Exploitable across large datacenter environments, particularly where IPMI interfaces are exposed externally or misconfigured
      • Exploitation can bypass OS-level controls entirely

🔎 BMC exploitation enables persistent backdoor access below the operating system level — often invisible to endpoint detection tools.

🌐 2. CVE-2024-0769 – D-Link DIR-859 Path Traversal Vulnerability

  • Product Affected: D-Link DIR-859 AC1750 Wireless Router
  • Vulnerability Type: Path Traversal
  • Attack Vector: Remote / Web Interface (Unauthenticated)
  • Impact: Arbitrary file access on the device filesystem, including sensitive configuration files, credentials, or session tokens
  • Risk Notes:
      • No authentication required
      • Frequently deployed in home offices and SOHO environments
      • Can be used for credential harvesting or lateral movement if the router sits on a shared segment

🔎 Path traversal flaws in embedded devices can be chained with command injection vulnerabilities or privilege misuse.
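To make the defect class concrete, here is an added example (not D-Link's firmware code, and not tied to the DIR-859 implementation): a minimal file-path resolver for an embedded web UI, showing the vulnerable join pattern beside a hardened form that decodes once, normalizes, and then checks that the result stays inside the document root. The `WEB_ROOT` value and the request paths are constructed for illustration.

```python
"""Added example (not vendor code): path resolution for an embedded web UI.

resolve_unsafe() shows the defect class behind path traversal: the URL path
is appended to the document root without normalization, so '../' segments
escape it when the file is opened.  resolve_safe() is the hardened form.
WEB_ROOT is an assumed document root used only for illustration.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/www"  # assumption: document root served by the device's HTTP daemon


def resolve_unsafe(requested: str) -> str:
    """Vulnerable pattern: decode and concatenate, no containment check.

    The returned string still contains '..' segments; the filesystem will
    resolve them at open() time, which is exactly how traversal succeeds.
    """
    return WEB_ROOT + unquote(requested)


def resolve_safe(requested: str) -> Optional[str]:
    """Hardened form: decode exactly once, normalize, then enforce containment.

    Returns the resolved absolute path, or None when the request would escape
    WEB_ROOT (so the caller can log it and answer 403/404 instead of serving).
    """
    decoded = unquote(requested)          # decode once; do not loop until stable
    if "\x00" in decoded:                 # NUL truncates paths in C-based handlers
        return None
    # Join to the root, then collapse '.' and '..' lexically.
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # Containment: the result must be WEB_ROOT itself or something beneath it.
    # (On a real device, os.path.realpath() would additionally resolve symlinks;
    # it is omitted here so the example runs without the target filesystem.)
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: a legitimate asset, a plain traversal,
    # and a percent-encoded traversal.
    for req in ("/css/style.css", "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req:32} unsafe={resolve_unsafe(req):32} safe={resolve_safe(req)}")
```

The key design choices are decoding exactly once before any check (a second decode pass would turn `%252e` into `.` after validation) and rejecting escaping requests rather than silently clamping them to the root, so each attempt shows up in the access log as a distinct error rather than a normal 200.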

🔐 3. CVE-2019-6693 – Fortinet FortiOS Hard-Coded Credentials

  • Product Affected: Fortinet FortiOS (select versions)
  • Vulnerability Type: Use of Hard-Coded Credentials
  • Attack Vector: Remote (typically via SSH or Web UI)
  • Impact: Attackers can log in to the device with default or hard-coded backdoor credentials
  • Risk Notes:
      • A long-known weakness with continued relevance due to unpatched legacy appliances
      • Can lead to immediate administrative-level compromise of firewall infrastructure
      • Frequently targeted by botnets and APTs for command-and-control or network pivoting

🔎 Hard-coded credentials remain one of the top methods of perimeter breaches in unmanaged or neglected network appliances.

✅ Remediation Guidance & Recommended Actions

🔄 Immediate Steps

  • Patch vulnerable devices: Ensure the latest firmware/software updates from AMI, D-Link, and Fortinet are applied
  • Restrict external access: Limit public access to BMC, router admin panels, and firewall interfaces
  • Monitor logs for IOCs: Review for suspicious logins, unauthorized file access, and unexpected console sessions
  • Segregate critical infrastructure: Apply network segmentation to isolate management interfaces and IoT devices
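The "restrict external access" and "monitor logs for IOCs" steps above can be turned into a simple triage rule set. The following is an added example (not CISA's guidance text and not any vendor's tooling) that runs over constructed, syslog-style `key=value` records from a BMC, a router admin UI, and a firewall, and flags successful management logins and console sessions from outside an assumed management network (`10.0.0.0/24`) plus web requests carrying traversal sequences. The record format, field names, and all addresses are assumptions made for the example.

```python
"""Added example (not vendor or CISA tooling): triage of management-interface
logs for the indicators named in the remediation guidance.

Assumptions: records are single-line 'key=value' pairs separated by spaces;
the only network permitted to reach BMC, router admin and firewall interfaces
is MGMT_NETS.  SAMPLE_LOG is constructed data, not real device output.
"""
import ipaddress
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Assumed management network allowed to reach BMC/router/firewall admin interfaces
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed sample records (addresses are documentation ranges, not real hosts)
SAMPLE_LOG = """\
ts=2025-06-25T08:01:02Z device=bmc src=10.0.0.7 event=login user=admin status=ok
ts=2025-06-25T08:02:10Z device=bmc src=203.0.113.9 event=login user=admin status=ok
ts=2025-06-25T08:02:15Z device=bmc src=203.0.113.9 event=console action=start
ts=2025-06-25T08:03:00Z device=router src=198.51.100.4 event=web_request path=/%2e%2e/%2e%2e/etc/passwd status=200
ts=2025-06-25T08:03:05Z device=router src=10.0.0.20 event=web_request path=/index.html status=200
ts=2025-06-25T08:04:00Z device=firewall src=192.0.2.77 event=login user=admin proto=ssh status=ok
ts=2025-06-25T08:05:00Z device=firewall src=10.0.0.7 event=login user=admin proto=https status=ok
"""

# A '..' path segment (POSIX form only) after percent-decoding
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def parse(line: str) -> Dict[str, str]:
    """Split 'k=v k=v ...' into a dict; values carry no spaces in this format."""
    return dict(kv.split("=", 1) for kv in line.split())


def is_mgmt(ip: str) -> bool:
    """True when the source address lies in an allowed management network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_NETS)


def triage(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, reason) for every record that matches a rule.

    Rules map to the guidance: successful admin logins and remote console
    sessions from non-management sources, and traversal attempts against
    the router's web interface.
    """
    findings: List[Tuple[int, str]] = []
    for n, line in enumerate(text.splitlines(), 1):
        rec = parse(line)
        ev, src, dev = rec.get("event"), rec.get("src", ""), rec.get("device", "?")
        if ev == "login" and rec.get("status") == "ok" and not is_mgmt(src):
            findings.append((n, f"{dev}: successful admin login from non-management source {src}"))
        elif ev == "console" and not is_mgmt(src):
            findings.append((n, f"{dev}: remote console session from non-management source {src}"))
        elif ev == "web_request" and TRAVERSAL.search(unquote(rec.get("path", ""))):
            findings.append((n, f"{dev}: path traversal attempt in {rec['path']} from {src}"))
    return findings


if __name__ == "__main__":
    for line_no, reason in triage(SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
```

Two details matter in practice: the traversal rule decodes the request path before matching, since encoded `%2e%2e` is the form most likely to slip past naive string checks, and the login rule keys on successful authentications rather than failures, because a valid login from an unexpected network is the signature of both a bypassed BMC and a reused hard-coded credential. Extending `MGMT_NETS` to the organization's real jump-host ranges is the only site-specific change needed.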

🔐 Long-Term Security Hardening

  • Implement Zero Trust controls for device access
  • Replace or decommission legacy appliances with known default credentials
  • Use MDM and firmware integrity monitoring for embedded devices
