Post

CISA Updates KEV Catalog with Critical Vulnerabilities in AMI MegaRAC, D-Link, and Fortinet Products

Posted
By Tom Grant
1 min read
CISA Updates KEV Catalog with Critical Vulnerabilities in AMI MegaRAC, D-Link, and Fortinet Products

TL;DR

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical security flaws to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities affect AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS. The updates come after evidence of active exploitation was discovered.

CISA Adds Critical Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with three new security flaws. These vulnerabilities affect AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS. The additions were made following evidence of active exploitation of these flaws.

The list of vulnerabilities includes:

  • CVE-2024-54085 (CVSS score: 10.0): Authentication bypass by spoofing

These vulnerabilities pose significant risks to organizations and individuals using the affected products. The high CVSS score of 10.0 for CVE-2024-54085 indicates the critical nature of this flaw, which allows attackers to bypass authentication mechanisms by spoofing.

Impact on AMI MegaRAC

The vulnerability affecting AMI MegaRAC could lead to unauthorized access to sensitive data and systems. Organizations relying on AMI MegaRAC for server management should prioritize patching and implementing additional security measures to mitigate risks.

D-Link DIR-859 routers are also impacted by one of the listed vulnerabilities. Home and small business users are particularly at risk, as these routers are commonly used in such environments. Users should ensure their firmware is up-to-date and consider additional security configurations to protect against potential attacks.

Fortinet FortiOS Vulnerability

Fortinet FortiOS, a critical component of many enterprise security solutions, is affected by a vulnerability that could compromise network security. Organizations using Fortinet products should immediately apply the necessary patches and review their security protocols to address this threat.

Conclusion

The addition of these vulnerabilities to the KEV catalog highlights the ongoing need for vigilance in cybersecurity. Organizations and individuals must stay informed about emerging threats and take proactive measures to protect their systems. Regular updates, patches, and robust security protocols are essential in mitigating the risks associated with these vulnerabilities.

For more details, visit the full article: source

Additional Resources

For further insights, check:

Cybersecurity & Data Protection, Vulnerabilities
cybersecurity vulnerability kev catalog
This post is licensed under CC BY 4.0 by the author.