CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

June 29, 2025 invoker category_news

Security Update News

Update Information

Title CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
Update ID THN:803E05DAB2E6116ADCC117DED04C19FF
Type thn
Published 2025-06-26T06:02:00
Last Updated 2025-06-26T06:02:43

Security Impact

CVSS Score 10.0
Severity CRITICAL
Attack Vector NETWORK

Affected CVEs

  • CVE-2019-6693
  • CVE-2024-0769
  • CVE-2024-54085

Update Details

![CISA Adds 3 Flaws to KEV Catalog](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The list of vulnerabilities is as follows –

* **CVE-2024-54085** (CVSS score: 10.0) – An authentication bypass by spoofing vulnerability in the Redfish Host Interface of AMI MegaRAC SPx that could allow a remote attacker to take control
* **CVE-2024-0769** (CVSS score: 5.3) – A path traversal vulnerability in D-Link DIR-859 routers that allows for privilege escalation and unauthorized control (Unpatched)
* **CVE-2019-6693** (CVSS score: 4.2) – A hard-coded cryptographic key vulnerability in FortiOS, FortiManager and FortiAnalyzer that’s used to encrypt password data in CLI configuration, potentially allowing an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data

Firmware security company Eclypsium, which disclosed CVE-2024-54085 earlier this year, said the flaw could be exploited to carry out a wide-range of malicious actions, including deploying malware and tampering with device firmware.

![Cybersecurity](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)

There are currently no details on how the shortcoming is being weaponized in the wild, who may be exploiting it, and the scale of the attacks. The Hacker News has reached out to Eclypsium for comment, and we will update the story if we get a response.

The exploitation of CVE-2024-0769 was revealed by threat intelligence firm GreyNoise exactly a year ago as part of a campaign designed to dump account names, passwords, groups, and descriptions for all users of the device.

It’s worth noting that D-Link DIR-859 routers have reached end-of-life (EoL) as of December 2020, meaning the vulnerability will remain unpatched on these devices. Users are advised to retire and replace the product.

As for the abuse of CVE-2019-6693, multiple security vendors have reported that threat actors linked to the Akira ransomware scheme have leveraged the vulnerability to obtain initial access to target networks.

In light of the active exploitation of these flaws, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by July 16, 2025, to secure their networks.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.