π Executive Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent update to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting three newly confirmed exploited security flaws affecting:
- AMIβs MegaRAC BMC firmware
- D-Linkβs DIR-859 consumer-grade routers
- Fortinetβs FortiOS firewall systems
These additions represent active threats across infrastructure, IoT, and perimeter defense ecosystems. Under Binding Operational Directive (BOD) 22-01, federal civilian executive branch (FCEB) agencies are required to patch or mitigate these vulnerabilities by assigned deadlines, while all other organizations are strongly encouraged to do the same.
𧩠1. CVE-2024-54085 β AMI MegaRAC SPx BMC Authentication Bypass
- Component Affected: American Megatrends (AMI) MegaRAC SPx firmware
- Vulnerability Type: Authentication Bypass via IP Spoofing
- Attack Vector: Remote / Network-facing Baseboard Management Controller (BMC) interface
- Impact: Unauthenticated attackers can gain root-level access to server firmware-level features such as power management, remote console, BIOS settings, and virtual media
- Risk Notes:
- Exploitable across large datacenter environments, particularly where IPMI interfaces are exposed externally or misconfigured
- Exploitation can bypass OS-level controls entirely
π BMC exploitation enables persistent backdoor access below the operating system level β often invisible to endpoint detection tools.
π 2. CVE-2024-0769 β D-Link DIR-859 Path Traversal Vulnerability
- Product Affected: D-Link DIR-859 AC1750 Wireless Router
- Vulnerability Type: Path Traversal
- Attack Vector: Remote / Web Interface (Unauthenticated)
- Impact: Arbitrary file access on the device filesystem, including sensitive configuration files, credentials, or session tokens
- Risk Notes:
- No authentication required
- Frequently deployed in home offices and SOHO environments
- Can be used for credential harvesting or lateral movement if the router sits on a shared segment
π Path traversal flaws in embedded devices can be chained with command injection vulnerabilities or privilege misuse.
π 3. CVE-2019-6693 β Fortinet FortiOS Hard-Coded Credentials
- Product Affected: Fortinet FortiOS (select versions)
- Vulnerability Type: Use of Hard-Coded Credentials
- Attack Vector: Remote (typically via SSH or Web UI)
- Impact: Attackers can log in to the device with default or hard-coded backdoor credentials
- Risk Notes:
- A long-known weakness with continued relevance due to unpatched legacy appliances
- Can lead to immediate administrative-level compromise of firewall infrastructure
- Frequently targeted by botnets and APTs for command-and-control or network pivoting
π Hard-coded credentials remain one of the top methods of perimeter breaches in unmanaged or neglected network appliances.
β Remediation Guidance & Recommended Actions
π Immediate Steps
- Patch vulnerable devices: Ensure latest firmware/software updates are applied from AMI, D-Link, and Fortinet
- Restrict external access: Limit public access to BMC, router admin panels, and firewall interfaces
- Monitor logs for IOCs: Review for suspicious logins, unauthorized file access, and unexpected console sessions
- Segregate critical infrastructure: Apply network segmentation to isolate management interfaces and IoT devices
π Long-Term Security Hardening
- Implement Zero Trust controls for device access
- Replace or decommission legacy appliances with known default credentials
- Use MDM and firmware integrity monitoring for embedded devices
